In the general case, we allow for this possible configuration:
public suffix domain segments
<organization boundary>
organization domain for public registration organization
subdomains of the organization
registration point for private registration clients
<organization boundary>
organization domain for private registration clients
subdomains of the client organization
If the candidate domain is a parent directly above the FROM organization
domain, the names are not aligned and no tree walk is necessary.
If the candidate MAILFROM or DKIM domain matches anything between the FROM
domain and its organization domain, they are aligned without a second tree
walk.
If the candidate domain is a child directly below the FROM domain, then a
tree walk is necessary, to check for an organization boundary. The search
stops at the FROM domain. If a boundary is found, they are not aligned, if
none is found, they are aligned.
If the candidate domain is not in a parent-child relationship with the FROM
domain, then a string compare can identify the junction domain where the
siblings come together. If the junction point is above the organization
domain, the names are not aligned and no tree walk is needed. Otherwise,
a tree walk is needed to check for an organization boundary. The walk
proceeds until it reaches the higher of the junction domain or the FROM
domain.
Doug
On Thu, Mar 17, 2022 at 6:03 AM Alessandro Vesely <[email protected]> wrote:
>
>
> No, we don't repeat the walk for each identifier. On a mail From:[email protected],
>
> assume we have already determined that the org domain is c.d. Then there
> is a
> signature with d=e.f.c.d. It is aligned based on string comparison.
>
> Repeating the tree walk, we'd get a different result if we find psd=y at
> _dmarc.f.c.d. Is that realistic?
>
>
> Best
> Ale
> --
>
>
>
>
>
>
>
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
