On Fri 21/Jan/2022 15:20:17 +0100 Douglas Foster wrote:
Your idea is brilliant - search for a policy that applies to both the FROM
domain and the other domain name. If it is not a PSD policy, then the two
names are aligned. It eliminates the PSL while also creating no need for PSD
policies.
I think you misunderstood both my idea and the role of PSD policies.
Let me try and explain it algorithmically:
0. Set Domain = the From: domain
Set policy = not found.
1. Lookup _dmarc.Domain.
If it has a DMARC record:
If Domain is the From: domain or Domain has role=org:
Set policy found.
If Domain has role=psd, they're not aligned. Stop.
If Domain matches d=, they're aligned.
If one of d= and Domain is a subdomain of the other (by string
comparison), they're aligned.
If policy was set:
Stop.
2. Set Domain = Domain's parent or 5-label grandparent.
If not empty string,
Go to 1.
If you find no role=org tags, then, after walking the tree, you can assume
role=org for the last policy found. A role=sub only serves to avoid that
assumption.
Note that you need an extra lookup for _dmarc.com or whatever. In exchange,
you never have to walk up the d= or the spf trees.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
