That sounds closer. I think Todd knows what he needs to change, so I'd prefer to see what goes into the document than to continue to tweak it.
Scott K On Thursday, January 20, 2022 12:18:03 PM EST Douglas Foster wrote: > So if the first tree walk stops at a a PSD=y policy, then the match string > used for alignment is the organizational domain, one segment down from the > PSD policy. Any SPF or DKIM domain must match or be a child of the > organizational domain, so there is no secondary tree walk, > > Does that correct the problem? > > > > On Thu, Jan 20, 2022 at 11:58 AM Scott Kitterman <[email protected]> > > wrote: > > On Thursday, January 20, 2022 9:57:48 AM EST Douglas Foster wrote: > > ... > > > > > -- If a policy is found with PSD=y, the domain does not participate in > > > DMARC but may need to be tested for non-existence. If the policy also > > > specifies NP=reject, query the next-lower domain name for a resource > > > record. If the DNS query result is NXDOMAIN, processing stops and the > > > DMARC policy is also "NXDOMAIN". (I recommend using NXDOMAIN as a > > separate > > > result code from REJECT, as it seems to be a stronger repudiation.) > > > > ... > > > > No. In this case policy discovery is complete and that's the policy that > > should be applied. Additionally, that's not how the np= tag works. > > > > All psd=y means is don't use this domain for determining alignment. For > > policy discovery it's like any other. > > > > Scott K > > > > > > _______________________________________________ > > dmarc mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
