No. Please explain why you think I'm proposing that? I'm reasonably confident I haven't.

Scott K

On Wednesday, February 23, 2022 7:10:37 AM EST Douglas Foster wrote:
> Do you propose that we ignore private registrars completely?
>
> Doug
>
> On Tue, Feb 22, 2022 at 11:09 PM Scott Kitterman <[email protected]> wrote:
> > On Monday, February 21, 2022 6:45:09 PM EST John Levine wrote:
> > > It appears that Scott Kitterman <[email protected]> said:
> > > >Today, if I send mail from 5322.From example.kitterman.com that is signed
> > > >by dkim.kitterman.com, if example.kitterman.com has a DMARC record, then
> > > >that would be the policy domain, but the message would meet the
> > > >requirement for relaxed alignment because both example.kitterman.com and
> > > >dkim.kitterman.com have the same org domain (kitterman.com). I don't
> > > >think what I'm proposing is any different.
> > >
> > > It looked like the tree walk to find the policy domain was different from
> > > the one to find the org domain. If they're the same, that makes things
> > > simpler and we now have to nail down exactly what that tree walk is: first
> > > record, last record before a PSD?
> > >
> > > This would be easier if we could count on PSDs to put psd=y in their records
> > > but I fear it will be a long time until that happens reliably.
> >
> > The problem with last record before a psd=y record is you never know when you
> > are done.
> >
> > Currently you could have:
> >
> > a.b.c.org.psd.com
> >
> > 'org' is the org domain. In RFC 7489 terms it's PSL + 1, so org domain is
> > org.psd.com. If you tree walk up you'd check (skipping b.c.d.org.psd.com
> > because you skip up to the one that's five long):
> >
> > _dmarc.a.b.c.d.org.psd.com
> > _dmarc.c.d.org.psd.com
> > _dmarc.d.org.psd.com
> > _dmarc.org.psd.com
> > _dmarc.psd.com
> > _dmarc.com
> >
> > Except in the rare case that _dmarc.psd.com has a psd=y record you have to go
> > all the way to the top to know which is the last non-psd=y record. If someone
> > publishes records based on the RFC 7489 approach, only a.b.c.d.org.psd and
> > org.psd's records are consulted, so there's no reason to publish for the
> > intermediate domains unless they send mail too. Going from found a DMARC
> > record to didn't find a DMARC record doesn't tell you anything. If you
> > tree-walk down the tree then you look up:
> >
> > _dmarc.com
> > _dmarc.psd.com
> > _dmarc.org.psd.com
> >
> > and you are done. Admittedly this is just mostly an efficiency hack. You can
> > get the same result either way. It does seem awkward to me to do all the
> > lookups in order to find out when to stop. I like walk up for policy and walk
> > down for org domain determination, but it's not essential.
> >
> > Scott K
> >
> > _______________________________________________
> > dmarc mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/dmarc
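
The walk-up and walk-down lookups described in the quoted message, as an added example that is not part of the original thread or of any DMARC implementation. The record table, the function names and the `max_labels` parameter are assumptions made for illustration; the five-label skip and the stop conditions follow the wording of the message.

```python
# Added illustration; the names and records below are constructed, not real zones.
RECORDS = {
    "_dmarc.a.b.c.d.org.psd.com": "v=DMARC1; p=reject",
    "_dmarc.org.psd.com": "v=DMARC1; p=quarantine",
}

def lookup(name, records, log):
    """Stand-in for a DNS TXT query; logs every name that is asked for."""
    log.append(name)
    return records.get(name)

def is_psd(record):
    """True if the record carries a psd=y tag."""
    tags = {}
    for part in record.split(";"):
        key, sep, value = part.partition("=")
        if sep:
            tags[key.strip().lower()] = value.strip().lower()
    return tags.get("psd") == "y"

def walk_up(domain, records, max_labels=5):
    """Query the full name, skip to the max_labels-long name, climb to the TLD.
    The org domain is the last non-psd=y record seen; only a psd=y record
    lets the climb stop early. Returns (org_domain, queries)."""
    labels = domain.split(".")
    starts = [0] + list(range(max(1, len(labels) - max_labels), len(labels)))
    log, org = [], None
    for i in starts:
        name = ".".join(labels[i:])
        record = lookup("_dmarc." + name, records, log)
        if record is None:
            continue
        if is_psd(record):
            break
        org = name
    return org, log

def walk_down(domain, records):
    """Start at the TLD and add one label per step; the first record that is
    not psd=y is the org domain. Returns (org_domain, queries)."""
    labels = domain.split(".")
    log = []
    for i in range(len(labels) - 1, -1, -1):
        name = ".".join(labels[i:])
        record = lookup("_dmarc." + name, records, log)
        if record is not None and not is_psd(record):
            return name, log
    return None, log
```

With the constructed records, both walks return org.psd.com; the walk up issues six queries and the walk down three.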
