I asked this question because I have concluded that NP is only meaningful for registrar policy records, to identify unregistered organizations.
For subdomains of registered organizations, SP=reject protects both existent and non-existent domains. This means that a NP policy would only be relevant when sp=none and np=reject. However, we can assume that a malicious impersonator will make an intelligent choice among his options, based on what he perceives as most likely to succeed. That order of priority would reasonably be: organization, mail-sending subdomain, non-mail but existent subdomain, and finally, non-existent subdomain. At the same time, it is difficult to assume that any theoretical expectation will remain valid across many spammers and billions of messages. In my limited study, I only see non-existent subdomains used for legitimate mail. Since no one has submitted evidence to the contrary, I feel emboldened that my theory may indeed be correct. If non-existent subdomains of legitimate organizations are being impersonated on a scale worthy of checking every message, I would expect that we could find evidence of it. Google and Microsoft have not weighed in, however. I wish they would, Doug On Thu, Mar 3, 2022 at 7:07 AM Douglas Foster < [email protected]> wrote: > I am looking for data about a particular type of non-existent domain. > > The PSD spec addresses the problem of non-existent organizations. > Evaluators could extend that initiative by using the PSL to check for any > non-existent organization domain, without limiting the test to DMARC > participating registrars. > > What about non-existent subdomains of existent organizations? We > certainly could define a special test for this situation, but would it be > useful? > > Can someone produce evidence of a spammer using an RFC53322.FROM address > for a non-existent subdomain of a registered domain, on at least one > message? It would be interesting to also know the DMARC policy that > applied to the message, if available. > > Doug Foster > >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
