Fine.  DMARC /specifies/ that the org domain MUST publish a record.

No, that's not what it says.  If you encounter psd=y and go back one,
that can be an org domain without a record.  It is currently possible
to have org domains without records and I see no reason to change that.

The reason to require an org record is that filters cannot determine that a domain is an org domain without it. The only exception is domains registered right below a PSD publishing psd=y. Otherwise the org domain is the last (highest) DMARC record you found.

Ah, we agree.  That's what I said.

Repeating the tree walk, we'd get a different result if we find psd=y at _dmarc.f.c.d. Is that realistic?

Yes, of course it is.  Look at some of the PSL entries.

I may be dumb, but I stared at the PSL for a few minutes and couldn't think of non-aligned subdomains of an org domain.

Look at these two:

repl.co
id.repl.co

so the example would be a.b.repl.co and c.id.repl.co

There aren't a vast number like that but I see no reason to break them.
In the common case where one name is an ancestor of the other, the normal
DNS cache behavior will make the multiple tree walks effectively free.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
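
Added example, not part of the original message or of the DMARC draft text: a simplified Python model of the tree walk as it is described in this thread, run against constructed records. It assumes, hypothetically, that the two PSL entries named above (repl.co and id.repl.co) publish psd=y; `RECORDS`, `tree_walk`, `org_domain` and `aligned` are illustrative names.

```python
# Constructed data: hypothetical _dmarc TXT records keyed by domain name.
# Assumption: both PSL entries from the message publish psd=y.
RECORDS = {
    "repl.co": "v=DMARC1; p=none; psd=y",
    "id.repl.co": "v=DMARC1; p=none; psd=y",
    "example.com": "v=DMARC1; p=reject",
}

def parse_tags(txt):
    """Split a DMARC record into a {tag: value} dict."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def tree_walk(domain, records=RECORDS):
    """Return [(name, tags)] for each DMARC record found, lowest name first."""
    labels = domain.lower().rstrip(".").split(".")
    found = []
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        txt = records.get(name)
        if txt and txt.startswith("v=DMARC1"):
            found.append((name, parse_tags(txt)))
    return found

def org_domain(domain, records=RECORDS):
    """Org domain under the simplified rules discussed in the thread."""
    start = domain.lower().rstrip(".")
    labels = start.split(".")
    found = tree_walk(start, records)
    for name, tags in found:
        # psd=y above the starting name: go back one label. The result
        # may be a domain that publishes no DMARC record of its own.
        if tags.get("psd") == "y" and name != start:
            depth = len(name.split("."))
            return ".".join(labels[-(depth + 1):])
    # Otherwise the org domain is the last (highest) record found.
    return found[-1][0] if found else None

def aligned(a, b, records=RECORDS):
    """Relaxed alignment: both names resolve to the same org domain."""
    oa, ob = org_domain(a, records), org_domain(b, records)
    return oa is not None and oa == ob

if __name__ == "__main__":
    for d in ("a.b.repl.co", "c.id.repl.co", "mail.example.com"):
        print(d, "->", org_domain(d))
    print("aligned:", aligned("a.b.repl.co", "c.id.repl.co"))
```

Each name needs its own walk here because the two walks stop at different psd=y records; the shared ancestors (repl.co, co) are queried by both, which is where the DNS cache mentioned in the message helps.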
