If there was any confusion about the meaning of the old spec, this discussion seems to have highlighted the points where it needs clarification. To preserve v=1, we need to preserve the broader definition of same organization. But yes, the discussion diverged from "what does it say?" to "what should it say?"

My understanding of the concern is that some domain owners act as PSDs. I think we have addressed that concern with the PSD flag.

Assume that "vendordomain.tld" is the service provider and his clients send as "clientname.clients.vendorname.tld". By setting the PSD flag on "clients.vendordomain.tld", the vendor ensures that each of his clients is handled as a separate organization. He can still email as "vendordomain.tld" and "othersubdomains.vendordomain.tld", but he will be unable to mail anything as "clients.vendordomain.tld".

Of course, if he was not savvy enough to use a subdomain to serve as parent to the clients, the solution may not work. If his clients are "clientname.vendordomain.tld" and he sets the PSD flag on "vendordomain.tld", he ensures client separation, but he can no longer email using his own domain of "vendordomain.tld". This may not be a problem. My ISP uses ".net" as the TLD for clients, and ".com" for their own mail.

The principle is that as long as the parent of the client domains is not used to send mail, the PSD flag keeps the clients separate. As I think Todd said, using an organization-level policy which requires strict matching will also help.

Michael: Does this address all of your concerns, or is there more to consider?

Doug Foster
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
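The client-separation effect described in the message above, as an added Python sketch that is not part of the original post and is not specification text. It assumes a simplified selection rule (psd=n marks the organizational domain, a psd=y record found above the starting name puts the boundary one label below it, otherwise the shortest name with a record wins); the records, the `alice`/`bob` client names and the function names are constructed for illustration.

```python
# Added illustration; the selection rule is a simplified assumption.

# Constructed DMARC records, keyed by the domain that publishes them.
RECORDS = {
    "vendordomain.tld": "v=DMARC1; p=reject",
    "clients.vendordomain.tld": "v=DMARC1; p=reject; psd=y",
    "alice.clients.vendordomain.tld": "v=DMARC1; p=reject",
}

def parse_tags(record):
    """Split 'v=DMARC1; p=reject; psd=y' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def org_domain(name, records=RECORDS):
    """Walk from `name` towards the root and pick the organizational domain."""
    labels = name.lower().rstrip(".").split(".")
    walk = [".".join(labels[i:]) for i in range(len(labels))]  # longest first
    found = []
    for i, domain in enumerate(walk):
        if domain not in records:
            continue
        psd = parse_tags(records[domain]).get("psd", "u")
        if psd == "n":
            return domain        # owner declares this the organizational domain
        if psd == "y" and i > 0:
            return walk[i - 1]   # boundary sits one label below the PSD
        found.append(domain)
    # No psd tag decided it: shortest name with a record, else the name itself.
    return found[-1] if found else walk[0]

def same_org(a, b, records=RECORDS):
    """Relaxed alignment needs both names to share one organizational domain."""
    return org_domain(a, records) == org_domain(b, records)
```

Removing the `psd=y` tag from the constructed `clients.vendordomain.tld` record makes both client names resolve to `vendordomain.tld`, which is the cross-client alignment the flag is meant to prevent.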
