On Mon 21/Mar/2022 17:46:43 +0100 John R Levine wrote:
After thinking once more, it should be:
_dmarc.a.users.scale.virtualcloud.com.br v=DMARC1 (possibly)
_dmarc.users.scale.virtualcloud.com.br v=DMARC1; psd=y
_dmarc.scale.virtualcloud.com.br NO DATA
_dmarc.virtualcloud.com.br v=DMARC1
And maybe
_dmarc.com.br v=DMARC1; psd=y
Maybe it's me, but it doesn't look straightforward at all.
It's straightforward enough.
I think I was fooled by the idea that psd=y belongs to domains nearer to the
root.
It's not obvious to me whether the org domain for
users.scale.virtualcloud.com.br should be users.scale.virtualcloud.com.br or
virtualcloud.com.br but I don't think it matters. Situations like that, a PSD
which is also a mail domain, are very rare and since the PSD has a DMARC
record, one probably doesn't need to use its org domain to do DMARC checks.
Perhaps we can say that the result of doing relaxed alignment on a domain with
psd=y is undefined, i.e., "don't do that."
Hm, apparently yes. According to the definition, two identical domains having
psd=y are in strict alignment but not in relaxed alignment, which is somewhat
counterintuitive.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
