On Mon 24/Jan/2022 15:40:01 +0100 John Levine wrote:
> On Mon, 24 Jan 2022, Alessandro Vesely wrote:
>>> This misses the point. It would be a good idea for a multi-tenant
>>> domain to publish a PSD record to keep the tenants apart, just as
>>> it would be a good idea to send a PSL pull request to keep them
>>> from spoofing browser cookies, but I don't think it is a good idea
>>> to depend on that. We know that at the TLD level, most TLDs won't
>>> ever publish a PSD.
>>
>> If we fear that some TLDs won't qualify their role, then it is wrong
>> to discourage setting psd=n for organizational domains. Setting
>> role=org is even more expressive, because it provides for role=sub
>> as well.
>
> I think you're also missing the point -- most TLDs will never publish
> any DMARC record at all. In that case, how could it make any
> difference what tags they don't put in the records they don't publish?

For the time being, TLDs with a DMARC record can be counted on the
fingers of one hand, so they could be checked on a list. Still,
finding role=psd (or psd=y) adds more confidence to the heuristic.

The last domain with a DMARC record should be the org domain. Still,
finding role=org (or psd=n) adds more confidence to the heuristic.

I'm not opposed to the decision to switch from a PSL based heuristic
to a tree walk based one. I'm opposed to specifying a heuristic
which is worse than the previous one.

Best
Ale
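
The tree-walk heuristic discussed in this message, as an added Python example that is not code from the thread or from any DMARC draft. The function names, the "basis" labels, the handling of psd=y on the queried name itself, and the sample TXT records are assumptions constructed for illustration; the role= tag is not handled.

```python
# Constructed sample records (not real DNS data), keyed by query name.
SAMPLE_TXT = {
    "_dmarc.shared.test": "v=DMARC1; p=none",              # multi-tenant, no psd tag
    "_dmarc.a.shared.test": "v=DMARC1; p=reject",          # tenant a
    "_dmarc.b.shared.test": "v=DMARC1; p=reject",          # tenant b
    "_dmarc.hosting.test": "v=DMARC1; p=none; psd=y",      # multi-tenant, declares PSD
    "_dmarc.corp.test": "v=DMARC1; p=reject; psd=n",       # declares itself org domain
}

def parse_tags(txt):
    """Parse 'v=DMARC1; p=none; psd=y' into {tag: value} with lowercased tag names."""
    tags = {}
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags

def org_domain(domain, lookup=SAMPLE_TXT.get):
    """Walk from `domain` toward the root and return (org_domain, basis).

    basis is 'psd=n' or 'psd=y' when an explicit tag decided the answer,
    'heuristic' when the last record found on the walk was used, 'none' otherwise.
    """
    labels = domain.lower().rstrip(".").split(".")
    last_seen = None
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        txt = lookup("_dmarc." + name)
        if txt is None:
            continue
        tags = parse_tags(txt)
        if tags.get("v") != "DMARC1":
            continue
        psd = tags.get("psd", "").lower()
        if psd == "n":
            return name, "psd=n"
        if psd == "y":
            # Org domain is one label below the PSD. Assumption: if the
            # queried name itself is the PSD, report that name.
            return ".".join(labels[max(i - 1, 0):]), "psd=y"
        last_seen = name  # no explicit tag: remember it and keep walking up
    if last_seen is not None:
        return last_seen, "heuristic"
    return None, "none"
```

With the constructed data, both tenants under `shared.test` resolve to the same organizational domain because the parent publishes no psd tag, while tenants under `hosting.test` are kept apart by psd=y.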