On Thursday, February 24, 2022 12:46:13 PM EST John Levine wrote:
> It appears that Scott Kitterman <[email protected]> said:
> >> 1. Take your domain, chop it to the last five labels if it's longer than that.
> >>
> >> 2. Walk up the tree starting at the original domain, and at each level
> >> look for a DMARC record.
> >>
> >> 3. If you find one with a psd flag, stop.
> >>
> >> 4. If you find one without a psd flag, remember it and keep going.
> >>
> >> 5. If you reach the root, stop.
> >>
> >> If you found a record with psd=n, that is the org domain.
> >>
> >> If you found a record with psd=y, the label below it is the org domain.
> >>
> >> Otherwise the org domain is the last DMARC record you found.
> >>
> >> The rest doesn't change:
> >>
> >> The policy domain is the original domain if it had a DMARC record,
> >> otherwise the org domain. The org domain might not have a DMARC
> >> record. Relaxed alignment still means that two names have the same org
> >> domain.
> >>
> >> If you found no records at all, there is no org domain and no policy but
> >> so what, there's nothing to do.
> >
> >Yes, with the minor proviso that if it's longer than 5, you would start
> >with the exact match and then jump to 5, but that's a detail.
>
> Right, that's what I meant.
>
> There may be a few other corner cases, e.g., if the original domain
> had psd=y, I think you ignore the psd flag since there's no lower
> domain that could be the org domain, or maybe perversely pretend it
> was psd=n so it is its own org domain. That allows the PSDs that have
> mail servers to continue to work no worse than now.

Yes. That's another one.

Scott K
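
The tree walk described in the thread above, as an added Python example that is not part of the original messages; it follows the quoted steps plus the exact-match-then-five-labels proviso. Assumptions: `ZONE` is constructed sample data standing in for `_dmarc` TXT lookups, the names `tree_walk` and `psd_flag` are hypothetical, and a `psd=y` record on the original domain is treated as `psd=n`, which is one of the two options floated in the thread.

```python
# Constructed zone data: maps a domain to the TXT record at _dmarc.<domain>.
ZONE = {
    "corp.example": "v=DMARC1; p=reject; psd=n",
    "psd.example": "v=DMARC1; p=none; psd=y",
    "plain.test": "v=DMARC1; p=quarantine",
    "mail.plain.test": "v=DMARC1; p=none",
}

def psd_flag(record):
    """Return the psd tag value ('y', 'n', ...) or None if the tag is absent."""
    for tag in record.split(";"):
        name, _, value = tag.partition("=")
        if name.strip().lower() == "psd":
            return value.strip().lower()
    return None

def tree_walk(domain, lookup=ZONE.get):
    """Return (org_domain, policy_domain), or (None, None) if no record exists."""
    labels = domain.lower().rstrip(".").split(".")
    # Exact match first; if longer than five labels, jump to the last five.
    names = [".".join(labels)] if len(labels) > 5 else []
    names += [".".join(labels[-n:]) for n in range(min(len(labels), 5), 0, -1)]
    org = remembered = None
    for name in names:
        record = lookup(name)
        if record is None:
            continue
        psd = psd_flag(record)
        if psd == "y" and name == names[0]:
            psd = "n"  # assumption: psd=y on the original domain acts as psd=n
        if psd == "n":
            org = name
            break
        if psd == "y":
            # The org domain is one label below the record carrying psd=y.
            org = ".".join(labels[-(name.count(".") + 2):])
            break
        remembered = name  # no psd flag: remember it and keep walking up
    org = org or remembered
    if org is None:
        return None, None
    # Policy comes from the original domain if it has a record, else the org domain.
    policy = names[0] if lookup(names[0]) is not None else org
    return org, policy
```

For two identifiers to be in relaxed alignment, compare the first element returned for each name; the policy domain may differ from the org domain, as with `mail.plain.test`.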
