On Tue, Jan 19, 2021 at 4:34 AM Douglas Foster < [email protected]> wrote:
> I raised objections to the definition of "non-existent", which never > received an adequate response before the discussion went silent. > > DMARC checks the From header address, which may exist only as an > identifier used for mass mailings. These mailings are often sent by an > ESP using an unrelated SMTP address. As such, the From address need not > be associated with any A, AAAA, or MX record. I assert that the only > viable definition of non-existent is "not registered", as evidenced by > absence of an NS record. > This is a discussion of DMARC, not of PSD, right? DMARC defines this test in an Appendix, and then makes it non-mandatory. PSD says to apply that test for domains that request it. Hooking this test up to registration requires introducing RDAP or something similar. Is that what we're talking about here? I don't believe the proposed definition of "non-existent" is reliably true > even in the special case of interest for this document, impersonation fraud > occurring at the top of an organizational structure. Example.PSD may > legitimately use mail.Example.PSD for email and www.example.psd for web. > If the proposed condition MUST always be true, I have not seen that fact > demonstrated. Since the document raises a general concern about > fraudulent use of non-existent domains, the definition used should be one > that can be generalized., > This sounds like something that should be solved in DMARC, not PSD, but naturally consensus wins here, so have at it. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
