On Tue 22/Feb/2022 13:09:12 +0100 Douglas Foster wrote:
> On Tue, Feb 22, 2022 at 3:57 AM Alessandro Vesely <[email protected]> wrote:
>> On Mon 21/Feb/2022 23:55:56 +0100 Douglas Foster wrote:
>>> To accurately identify PSD policies, we have two choices:
>>> - assume that PSDs will add the "psd=y" flag to their policies prior to
>>> publication, or
>>> - declare that the "NP" clause is the PSD indicator, meaning
>>> (a) it indicates that the first child domain without an NP term is an
>>> organizational domain, and that organization must pass an existence test to
>>> verify registration.
>>
>> I don't see why an org domain, or any domain, cannot specify NP.  To me, a
>> non-existing From: domain is such an obvious abuse indicator that it could
>> have been the default (as it actually has been, IIRC.)
>
> Non-existent organizations and non-existent FROM domains are very different
> tests.


It is the From: domain. It can be nosub.havenbank.bank (whose parent domain exists) or credit-suisse.bank (which doesn't exist). In either case, np= applies.


> Relaxed alignment allows for the FROM domain to be non-existent
> on legitimate messages, and mailers take advantage of that feature. This
> distinction was part of my long-running fixation on changing the NP clause
> of the PSD experiment. I think if you check your message logs, you will
> be able to confirm this situation.
>
> Since the PSD experiment was rolled out without the "psd=y" term, making a
> clear distinction between NP and NX solves two problems.


That creates a new problem. You'd need to restrict use of NP. Domains that wish to use it, according to rfc9091, could no longer do so.


Best
Ale
--





_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
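
An added example, not part of the original messages and not taken from any DMARC implementation: a sketch of RFC 9091 policy selection for the two From: domains named in the thread, showing which record and which tag (p, sp or np) end up applying. The DMARC records, the set of existing names, the PSD set and the name `mail.havenbank.bank` are constructed assumptions, not real DNS data.

```python
# Constructed sample data (assumptions, not real DNS answers).
DMARC_TXT = {
    "_dmarc.bank": "v=DMARC1; p=reject; sp=none; np=reject",
    "_dmarc.havenbank.bank": "v=DMARC1; p=quarantine; np=reject",
}
# Names that answer for A, AAAA or MX; anything else counts as non-existent.
EXISTING = {"bank", "havenbank.bank", "mail.havenbank.bank"}
PSDS = {"bank"}  # stand-in for the receiver's list of public suffix domains


def parse_tags(record):
    """Split 'v=DMARC1; p=...; np=...' into a dict of lower-cased tags."""
    pairs = (part.split("=", 1) for part in record.split(";") if "=" in part)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}


def org_and_psd(domain):
    """Return (organizational domain, longest PSD), or (None, None)."""
    labels = domain.split(".")
    for i in range(1, len(labels)):  # longest suffix first
        if ".".join(labels[i:]) in PSDS:
            return ".".join(labels[i - 1:]), ".".join(labels[i:])
    return None, None


def effective_policy(from_domain):
    """Return (record owner, tag applied, policy) for a From: domain."""
    org, psd = org_and_psd(from_domain)
    # Lookup order: the From: domain, its org domain, then the PSD.
    for owner in dict.fromkeys([from_domain, org, psd]):
        record = DMARC_TXT.get(f"_dmarc.{owner}") if owner else None
        if record is None:
            continue
        tags = parse_tags(record)
        if owner == from_domain:
            return owner, "p", tags["p"]
        # Record found at a parent: np covers non-existent subdomains,
        # then sp, then p as fallbacks.
        if from_domain not in EXISTING and "np" in tags:
            return owner, "np", tags["np"]
        tag = "sp" if "sp" in tags else "p"
        return owner, tag, tags[tag]
    return None, None, None


if __name__ == "__main__":
    for d in ("nosub.havenbank.bank", "credit-suisse.bank", "mail.havenbank.bank"):
        print(d, effective_policy(d))
```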
