On Thu 17/Mar/2022 23:40:37 +0100 Douglas Foster wrote:
In the general case, we allow for this possible configuration:
public suffix domain segments
<organization boundary>
organization domain for public registration organization
subdomains of the organization
registration point for private registration clients
<organization boundary>
organization domain for private registration clients
subdomains of the client organization
I think you mean hybrid cases like us.com, where X.us.com and Y.us.com are
distinct organizations, and mail from [email protected] is also possible.
If the candidate domain is a parent directly above the FROM organization
domain, the names are not aligned and no tree walk is necessary.
If the candidate MAILFROM or DKIM domain matches anything between the FROM
domain and its organization domain, they are aligned without a second tree walk.
If the candidate domain is a child directly below the FROM domain, then a tree
walk is necessary, to check for an organization boundary.
For example, From: [email protected], org=us.com, d=X.us.com should not be aligned
because there is a boundary in between. Yet, we're unable to find that
boundary. Even using the PSL, us.com, like com alone, shouldn't be a From: domain.
Presumably, we should state that if the From: domain has psd=y, then alignment
must be strict.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
