On Thu 04/Nov/2021 04:09:37 +0100 Douglas Foster wrote:
> Ale asks:
>> Hm... but PSDs don't seem to gain any extras by letting receivers know they're
>> a PSD, do they?
>
> I think they do. They get the benefits of name protection which DMARC
> previously afforded only to organizational domains and subdomains, which I
> would expect them to consider very valuable. While the publicsuffix.org
> <http://publicsuffix.org> provides some protection, I would think they should
> prefer transferring control of their status from the volunteers to themselves.
>
> "I am a PSD" means four things:
> 1. "If you see a message with an SMTP address that uses my PSD name, it is
> fraudulent and should be blocked."
> 2. "If you see a message with a FROM header that uses my PSD name, it is fraudulent
> and should be blocked."
> 3. "If you see a DKIM signature that uses my PSD name, it will not verify because
> the public key will be missing, but it is not merely unverified material to ignore, it
> is positive evidence of a fraud attempt."
> 4. "If you are doing DMARC alignment testing, don't match on my PSD name. You are
> not looking at an organization record."

I agree those four make for commendable behavior, but they are not really
incentives. IOW, a lazy PSD might take years to comply.

> A related question is whether there is any incentive for malicious use of the
> "I'm a PSD" flag by entities that are not actually PSDs. Since the only
> effect of this flag is to cause mail to be blocked, I do not see any such
> incentive, so I do not see any risk.

I do, because John reported a link to the PSL wiki where they complain of ISPs
striving to get on the PSL.
Best
Ale
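
The four meanings listed in the quoted text above, sketched as receiver-side checks. This is an added example, not part of the original message or of any DMARC implementation; the set of self-declared PSDs, the function names, and reading "uses my PSD name" as an exact domain match are all assumptions.

```python
# Added example. DECLARED_PSDS is constructed sample data; how a receiver
# learns that a name has declared itself a PSD is assumed, not shown.
DECLARED_PSDS = {"gov.example", "bank.example"}


def norm(domain):
    return domain.lower().rstrip(".")


def org_domain(domain, psds=DECLARED_PSDS):
    """Name one label below the longest declared PSD suffix.

    Returns None when the domain is itself a PSD or is under no declared PSD
    (ordinary organizational-domain lookup is outside this example).
    """
    labels = norm(domain).split(".")
    for i in range(len(labels)):          # longest suffix first
        if ".".join(labels[i:]) in psds:
            return ".".join(labels[i - 1:]) if i else None
    return None


def aligned(a, b, psds=DECLARED_PSDS):
    """Meaning 4: relaxed alignment never matches on the PSD name itself."""
    oa, ob = org_domain(a, psds), org_domain(b, psds)
    return oa is not None and oa == ob


def psd_findings(mail_from, header_from, dkim_domains, psds=DECLARED_PSDS):
    """Meanings 1-3: flag identifiers whose domain is exactly a declared PSD."""
    findings = []
    if norm(mail_from) in psds:
        findings.append("smtp-address-uses-psd")
    if norm(header_from) in psds:
        findings.append("from-header-uses-psd")
    if any(norm(d) in psds for d in dkim_domains):
        findings.append("dkim-signature-uses-psd")
    return findings
```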