I want to ask again why DMARC should consider any domain other than the one in the Header From. The purpose of DMARC should be stated right at the top of the proposed standard. It is intended to control use of a domain in the Header From. If the Header From has [email protected], the DMARC record for _dmarc.example.com should apply.
It does not make sense to me to say that if the Header From is [email protected], and there is no _dmarc.alpha.example.com record, then recipient systems should continue to look for _dmarc.example.com and apply the dmarc rule there. I know of no other standard that requires this type of relationship. This is something new. It will require administrators to continually check what their sub- and supra-domains are doing in order to escape interference by DMARC records they did not create. I think this is unreasonable. Only domains interested in applying DMARC should be involved with DMARC. Others should be able to do what they want. I know that otherwise will out rule out DMARC for the "columbia.edu" domain that I administer. -- Joseph Brennan Lead, Email and Systems Applications Columbia University Information Technology _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
