I think we need something like the following.
On Mon 21/Mar/2022 21:50:42 +0100 internet-drafts wrote:
The IETF datatracker status page for this draft is: https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/
OLD 5.5.4. Publish a DMARC Policy for the Author Domain Once SPF, DKIM, and the aggregate reports mailbox are all in place, it's time to publish a DMARC record. For best results, Domain Owners SHOULD start with "p=none", with the rua tag containg a URI that references the mailbox created in the previous step. NEW (add or replace) 5.5.4. Publish a DMARC record for the Author Domain A DMARC record MUST be defined at the Organizational Domain, that is the shortest domain that belongs to the organization, see Section 3.2.7. This domain determines the alignment of the identifiers. The domain part of the aggregate reports mailbox also needs to be aligned, otherwise an additional DMARC record for external destination verification has to be defined. If any subdomain of the organization is used as an Author Domain, a DMARC record for that subdomain MAY be defined. For example, the subdomain may want a different policy or different reporting mailboxes. If a subdomain is independent from the organization, that is if the organization delegated control of the subdomain to another organization, then the former organization is a PSO. In that case, it is necessary to use the psd flag to break alignment, so that an organization cannot impersonate another one. Is that obscure enough? Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
