It appears that Alessandro Vesely <[email protected]> said: >> To find the org domain for a domain: >> chop the domain to the last five labels and walk up the tree. >> stop when you find a DMARC record with psd or you hit the root. >> if a record has psd=n, that's the org domain >> if a record has psd=y and it isn't the original domain, the org domain is >> the one below it >> otherwise the org domain is the last (highest) DMARC record you found > > >Fine. DMARC /specifies/ that the org domain MUST publish a record.
No, that's not what it says. If you encounter psd=y and go back one, that can be an org domain without a record. It is currently possible to have org domains without records and I see no reason to change that. They're not terribly useful, but they're not useless. >> Relaxed alignment doesn't change, if two domains have the same org domain, >> they're aligned. >On a mail From:[email protected], >assume we have already determined that the org domain is c.d. Then there is a >signature with d=e.f.c.d. It is aligned based on string comparison. >Repeating the tree walk, we'd get a different result if we find psd=y at >_dmarc.f.c.d. Is that realistic? Yes, of course it is. Look at some of the PSL entries. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
