On Wednesday, February 16, 2022 6:52:42 PM EST John Levine wrote:
> > 5.
> >
> > Count the number of labels found in the subject DNS domain. Let that
> > number be "x". If x < 5, remove the left-most (highest-numbered) label
> > from the subject domain. If x >= 5, remove the left-most (highest-numbered)
> > labels from the subject domain until 4 labels remain. The resulting DNS
> > domain name is the new target for subsequent lookups.
> >
> > <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.5.1>
>
> This says that if the name is more than six labels deep, you immediately
> jump to the five label super-parent to start the tree walk. What I
> originally intended was to walk five labels and then stop, e.g.
>
> h.g.f.e.d.c.b.a
> g.f.e.d.c.b.a
> f.e.d.c.b.a
> e.d.c.b.a
> d.c.b.a
>
> I don't feel strongly either way and since there are close to zero valid
> domain names with more than six labels, it makes little practical
> difference, but we need to be sure we agree which one we mean.

This goes back to October last year. See starting at:

https://mailarchive.ietf.org/arch/msg/dmarc/Bpi5FsMgkdM_EutFameAGvcg8-I/

Date: Fri, 29 Oct 2021 10:03:06 -0400
Message-ID: <2499275.yImaVS0A6X@zini-1880>
Subject: [dmarc-ietf] Nature of the PSL as related to DMARC, was: Re: Topic for IETF 112 - Policy Discovery

Although you did talk me out of the private domain suggestion I made in that email, but my recollection is that because the longest "real" PSL entry was four deep, jumping to 5 and going from there would cover all the real cases and not have any potential for weird results if forged email used a large number of sub-domain levels to try to avoid DMARC.

I had thought we were in agreement on that point.

Scott K
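
The two readings of step 5 discussed in this thread, side by side, as an added Python example that is not from the draft or from either poster. It assumes no record is found along the way and that the quoted walk continues until a single label has been queried; the function names and the `published` set are constructed for illustration.

```python
# Added illustration; names below are constructed, not taken from the draft.
# Each returned name is where a _dmarc.<name> TXT query would be sent,
# assuming no earlier query in the walk returned a record.

def quoted_step5_targets(domain, keep=4):
    """Step 5 as quoted: for x >= 5 labels jump to the `keep`-label parent,
    otherwise drop one label; continue until one label remains (assumed)."""
    labels = domain.rstrip(".").split(".")
    targets = [".".join(labels)]
    while len(labels) > 1:
        x = len(labels)
        labels = labels[1:] if x < 5 else labels[x - keep:]
        targets.append(".".join(labels))
    return targets


def walk_then_stop_targets(domain, max_names=5):
    """Alternative reading: drop one label at a time, stop after five names."""
    labels = domain.rstrip(".").split(".")
    targets = []
    while labels and len(targets) < max_names:
        targets.append(".".join(labels))
        labels = labels[1:]
    return targets


def first_record(targets, published):
    """First queried name that has a DMARC record in `published`, else None."""
    return next((t for t in targets if t in published), None)


if __name__ == "__main__":
    deep = "h.g.f.e.d.c.b.a"          # 8-label sample name used in the thread
    published = {"b.a"}               # constructed: only b.a publishes a record
    for walk in (quoted_step5_targets, walk_then_stop_targets):
        names = walk(deep)
        print(walk.__name__, names, "->", first_record(names, published))
```

With only `b.a` publishing a record, the first walk reaches it while the second ends at `d.c.b.a` without finding one; for names of five labels or fewer the two walks query the same names.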
