It appears that Scott Kitterman <[email protected]> said: >> 1. Take your domain, chop it to the last five labels if it's longer than >> that. >> >> 2. Walk up the tree starting at the original domain, and at each level look >> for a DMARC record. >> >> 3. If you find one with a psd flag, stop. >> >> 4. If you find one without a psd flag, remember it and keep going. >> >> 5. If you reach the root, stop. >> >> If you found a record with psd=n, that is the org domain. >> >> If you found a record with psd=y, the label below it is the org domain. >> >> Otherwise the org domain is the last DMARC record you found. >> >> The rest doesn't change: >> >> The policy domain is the original domain if it had a DMARC record, >> otherwise the org domain. The org domain might not have a DMARC >> record. Relaxed alignment still means that two names have the same org >> domain. >> >> If you found no records at all, there is no org domain and no policy but so >> what, there's nothing to do. > >Yes, with the minor proviso that is it's longer than 5, you would start with >the exact match and then jump to 5, but that's a detail.
Right, that's what I meant. There may be a few other corner cases, e.g., if the original domain had psd=y, I think you ignore the psd flag since there's no lower domain that could be the org domain, or maybe perversely pretend it was psd=n so it is its own org domain. That allows the PSDs that have mail servers to continue to work no worse than now. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
