In the interests of precision, since many domains won't have five labels,
would you support the following?
"and ends no more than five labels above the From domain if no DMARC
records have been found."
Sure.
[ tree walk starting at the From domain ]
I took another look at Scott's original message, and now I'm trying to
figure out if there are situations where an upward vs downward tree walk
will make a significant difference and the downward walk is a surprise.
Consider the domain us.com which acts as a pseudo-registry, and say we
have these records for their customer cust.us.com
_dmarc.com NXDOMAIN
_dmarc.us.com something (it has an MX)
_dmarc.cust.us.com something (it also has an MX)
_dmarc.sales.cust.us.com NXDOMAIN
They send a message from sales.cust.us.com. If you believe the PSL, the
org domain is cust.us.com. If you do an upward tree walk, the first DMARC
record is cust.us.com. If you do a downward tree walk, ???
I suppose _dmarc.us.com should have psd=y but it's also a domain that
sends and receives mail. This sort of ambiguity is surprisingly common.
For extra excitement, imagine the mail is from mail.cust.svc.firenet.ch,
where the PSL says the org is cust.svc.firenet.ch.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
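
The us.com case from the message above, worked through in Python as an added example that is not part of the original e-mail. The record table is constructed from the four lines in the message; the function names and the "first record found wins" rule are assumptions for illustration only, since the message leaves the downward result open.

```python
# Constructed from the records listed in the message: True means a DMARC
# record exists at _dmarc.<name>, False means NXDOMAIN.
RECORDS = {
    "com": False,
    "us.com": True,
    "cust.us.com": True,
    "sales.cust.us.com": False,
}


def has_record(name, records):
    """Stand-in for a TXT lookup of _dmarc.<name>; unknown names are NXDOMAIN."""
    return records.get(name.lower().rstrip("."), False)


def upward_names(from_domain, max_up=5):
    """The From domain, then each parent, at most max_up labels above it."""
    labels = from_domain.lower().rstrip(".").split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))]
    return names[: max_up + 1]


def downward_names(from_domain):
    """The same names from the TLD down to the From domain, with no cap."""
    depth = len(from_domain.rstrip(".").split("."))
    return list(reversed(upward_names(from_domain, max_up=depth)))


def first_hit(names, records):
    """Assumed rule: the first name that has a record wins."""
    return next((n for n in names if has_record(n, records)), None)


def all_hits(names, records):
    """Every name on the walk that publishes a record."""
    return [n for n in names if has_record(n, records)]


if __name__ == "__main__":
    sender = "sales.cust.us.com"
    print("upward  :", first_hit(upward_names(sender), RECORDS))
    print("downward:", first_hit(downward_names(sender), RECORDS))
    print("all     :", all_hits(upward_names(sender), RECORDS))
```

With these records the two directions stop at different names, and both hits stay candidates unless something such as a psd tag on the us.com record tells the pseudo-registry apart from its customer.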