On Wed 23/Mar/2022 12:08:16 +0100 Douglas Foster wrote:
> But we do have a difference between PSOs, which never send mail, and private
> registrars, which may or may not send mail from the domain or subdomain used as
> a private registration point. It seems desirable to resolve this ambiguity so
> that we can reliably know that a true PSO cannot be impersonated, while
> allowing private registrars to document their configuration.
> A "sendsmail=(y,n)" indicator would accomplish this purpose.

For documentation purposes, although I'd have preferred meaningful, explicit
tokens, if people much more experienced than me insist that obscurity is
advisable in this case, I don't agree but I accept it.

For security, a private registrar should set psd=y. If it sets psd=n, it
forces all registrants below that point to do the same. If the From: domain
has psd=y, you know that they send mail because you received it. In that case,
it can only authenticate by strict alignment.

Perhaps, we could advise private registrars that they had better use an
intermediate label with psd=y as a registration point if they want more DMARC
flexibility at their base domain.

Best
Ale
--
_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc
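
The psd=y and psd=n consequences discussed in the message above, as an added example that is not part of the thread or of any draft text. It assumes a simplified reading of the DMARCbis tree-walk rules (psd=n marks the organizational domain; psd=y above the starting name places it one label below; otherwise the shortest name with a record is used); the zone contents and the names `org_domain` and `aligned` are hypothetical.

```python
# Added example. Constructed data: each zone maps a name to the psd tag of its
# _dmarc record (None = record present, no psd tag). All names are hypothetical.
PSD_Y = {"reg.example": "y", "alice.reg.example": None, "bob.reg.example": None}
PSD_N = {"reg.example": "n", "alice.reg.example": None, "bob.reg.example": None}
# Intermediate label c.reg.example used as the registration point.
SPLIT = {"reg.example": None, "c.reg.example": "y", "alice.c.reg.example": None}

def org_domain(name, zone):
    """Organizational domain for `name` under the assumed tree-walk rules.
    Simplification: the walk's label-count limit is not modelled."""
    labels = name.split(".")
    found = []  # (domain, psd) for each name on the path that has a record
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        if domain in zone:
            found.append((domain, zone[domain]))
            if zone[domain] in ("y", "n"):
                break  # an explicit psd tag ends the walk
    for domain, psd in found:  # longest name first
        if psd == "n":
            return domain
        if psd == "y" and domain != name:
            # one label below the PSD, on the path that was walked
            return ".".join(labels[-(domain.count(".") + 2):])
    return found[-1][0] if found else None  # shortest name with a record

def aligned(from_domain, auth_domain, zone, strict=False):
    """True if the SPF/DKIM-authenticated domain aligns with the From: domain."""
    if from_domain == auth_domain:
        return True
    if strict:
        return False
    org = org_domain(from_domain, zone)
    return org is not None and org == org_domain(auth_domain, zone)

if __name__ == "__main__":
    cases = [
        ("psd=n registrar, registrant vs registrant", "alice.reg.example", "bob.reg.example", PSD_N),
        ("psd=y registrar, registrant vs registrant", "alice.reg.example", "bob.reg.example", PSD_Y),
        ("psd=y registrar, its own mail host", "reg.example", "mail.reg.example", PSD_Y),
        ("intermediate psd=y label, base domain mail", "reg.example", "mail.reg.example", SPLIT),
    ]
    for label, frm, auth, zone in cases:
        print(f"{label}: relaxed alignment = {aligned(frm, auth, zone)}")
```
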