John and Ale have talked about what role, if any, should be given to analyzing the common substring between an RFC5322.From domain and a verified SPF or DKIM domain. During my ruminations last night, I gained some clarity around that question and wanted to highlight those conclusions. They simplify the alignment search significantly:
- If the common substring is shorter than the Organizational Domain, then the names are not aligned and the candidate domain can be ignored.
- Otherwise, if any candidate domain is a parent of (or equal to) the FROM domain, then we have alignment and DMARC PASS. The secondary tree walk is not needed and no further evaluation is required.
- If several candidate names are child domains of the FROM address, then only the shortest string needs to be evaluated with a secondary tree walk. If it is aligned, further evaluation is not required. If it is not aligned because of an organizational boundary, all other child domains are also excluded.

I did not identify any optimizations for sibling domains, other than to look for parent and child matches first.

Doug
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
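
An added sketch of the search order described in the message above; it is not part of the original post and not code from any DMARC implementation. `ORG_DOMAINS`, `org_domain` and `find_aligned` are hypothetical names, the zone data is constructed, and the DNS tree walk is replaced by a set lookup. As an assumption, a boundary found at a child excludes only the names beneath that child.

```python
from itertools import takewhile
# Constructed toy zone: names at which a tree walk would stop. Assumption:
# a real verifier discovers these through DNS queries, not a fixed set.
ORG_DOMAINS = {"example.com", "dept.news.example.com", "example.net"}

def labels(name):
    return name.lower().rstrip(".").split(".")

def org_domain(name, log):
    """Hypothetical stand-in for a tree walk; logs the name it was run for."""
    log.append(name)
    parts = labels(name)
    for i in range(len(parts)):
        if ".".join(parts[i:]) in ORG_DOMAINS:
            return ".".join(parts[i:])
    return None

def is_under(child, parent):
    """True when child equals parent or is a subdomain of it, label-wise."""
    return labels(child)[-len(labels(parent)):] == labels(parent)

def common_labels(a, b):
    """Number of trailing labels the two names share."""
    pairs = zip(reversed(labels(a)), reversed(labels(b)))
    return sum(1 for _ in takewhile(lambda p: p[0] == p[1], pairs))

def find_aligned(from_domain, candidates):
    """Return (aligned candidate or None, names that needed a tree walk)."""
    log = []
    from_org = org_domain(from_domain, log)  # primary walk for the FROM domain
    if from_org is None:
        return None, log
    need = len(labels(from_org))
    # Bullet 1: ignore names sharing less than the Organizational Domain.
    live = [c for c in candidates if common_labels(from_domain, c) >= need]
    # Bullet 2: a parent of (or equal to) FROM aligns without a secondary walk.
    for c in live:
        if is_under(from_domain, c):
            return c, log
    # Bullet 3: children of FROM, shortest string first, then siblings.
    children = sorted((c for c in live if is_under(c, from_domain)), key=len)
    blocked = []  # children found to sit behind an organizational boundary
    for c in children + [c for c in live if c not in children]:
        if any(is_under(c, b) for b in blocked):
            continue  # beneath a walked child that hit a boundary
        if org_domain(c, log) == from_org:
            return c, log
        if c in children:
            blocked.append(c)
    return None, log
```

The second element of the result lists every name that needed a walk, so the saving from each shortcut can be read off directly.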
