It appears that Alessandro Vesely <[email protected]> said: >If they have MX and non-trivial SPF records, they probably are using the >domain >to send and receive mail. Yet, they also host independent subdomains. IMHO, >we should trait [email protected] as a regular domain, without the limitations we >apply to PSDs. At the same time we should allow cust.us.com to claim >independence from us.com, as far as DMARC is involved.
So far so good. > We need to allow org=y. If you mean we can allow DMARC records to contain org=y which evaluators ignore, sure. Otherwise no, it's painfully not backward compatible. >In the quoted scenario, assuming "something" is a DMARC record without flags, >a >tree walk delivers us.com as the org domain. To avoid BEC, there must be a >transition period during which mail filters check the PSL in such cases; that >is, in the absence of flags. Um, surely you've been around long enough to know that "transition period" means "forever". Just treat the first DMARC record you find in an upward walk as an org. It seems to me that will get the desired result at least as often as the PSL does, and does not require an incompatible flag or a forever period. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
