It appears that Scott Kitterman <[email protected]> said: >> It looked like the tree walk to find the policy domain was different from >> the one to find the org domain. If they're the same, that makes things >> simpler and we now have to nail down exactly what that tree walk is: first >> record, last record before a PSD? ...
>lookups in order to find out when to stop. I like walk up for policy and walk >down for org domain determination, but it's not essential. Hold it, this is a very incompatible change from 7489. As it stands now, the policy domain is either the domain itself or the org domain. You appear to be proposing that the policy domain might be the domain itself, or the org domain, or some other domain in between if it has a DMARC record. If that's not the proposal, can you clarify? I also realize that walking down doesn't save any work since there may be more than one PSD. For example [email protected] uk psd ac psd camb DMARC and org cst DMARC If you walk down, and you stop at "uk" you'll get the wrong answer. You have to keep going because you don't know whether there might be another PSD. If you walk up you can always stop at the first PSD and get the right answer. If we agree to jump up to the 5th label for longer names, neither direction will do more than five lookups, but walking up is a lot easier to explain. If there is more than one DMARC record between the original name and the top or a PSD, there is still the question of when to use the first (lowest) and when to use the last. My proposal is that we always use the first, for policy, for relaxed alignment, for what we call an org domain, for everything else. It's easy to explain, and it makes the foo.us.com hack less likely. R's, JOhn _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
