Since some of you have a default value, and I do not, we must not have a
shared understanding of the underlying algorithm.  I will document mine;
perhaps one of you can explain your alternative.

Since we lack consensus about psd=(y|n|u), I will use symbolic tokens, with
these equivalences:

<registrar policy> (psd=y)

<organization default policy> (psd=n)

<single-domain policy> (psd=u)



My Algorithm:



Primary Tree Walk

The primary tree walk searches for the Organization Domain of the From
address.

When an untagged policy is found, the name and policy are cached as
candidates for the organizational domain and default policy.   The walk
proceeds up the tree.

If the next domain upward is untagged, it is ignored and the walk proceeds
up the tree with the cached information from previous steps.

If the next policy found is also untagged, the previous policy is
interpreted as a <single domain policy> and therefore not of interest.
The current domain and policy are cached as the new candidates for
organizational domain and default policy.  The walk proceeds.

If the next policy found is tagged as <organizational default policy>, then
the cached domain and policy are interpreted as a <single domain policy>
and therefore not of interest.   The current domain and policy become the
confirmed organizational domain and default policy.  The walk terminates.

After an untagged policy, if the next domain up the tree is tagged as a
<registrar policy>, then the cached domain is the organization domain and
the current domain is the default policy.   However, if there is
an intervening domain with no policy, the results are ambiguous.   The
organization and its registrar are not compliant with DMARCbis.  Either
way, the walk terminates.

After an untagged policy, if the walk proceeds all the way to the TLD
without finding another policy, then the cached domain and policy are
selected as the organizational domain and policy.



Secondary Tree Walk

The secondary tree walk checks for presence or absence of a private
registrar between the candidate domain and the From address organizational
domain.   Private registrations can only be detected if their policies are
explicitly tagged.

Consequently, a domain without a policy, a domain tagged with a
<single-domain> policy, or a domain with an untagged policy are treated
equally.   Alignment is not disproven, so the walk continues up the tree to
the termination point.

If any domains are tagged as <organization default policy> or <registrar
policy>, then the domains are not aligned and the walk terminates so that
the next candidate domain can be evaluated.



Doug Foster

On Thu, Mar 24, 2022 at 1:45 PM Murray S. Kucherawy <[email protected]>
wrote:

> On Tue, Mar 22, 2022 at 10:35 AM Ken O'Driscoll <ken=
> [email protected]> wrote:
>
>> Having different behaviour for the absence of the tag and the default
>> value will be unnecessarily confusing and not intuitive.
>>
>
> I'm confused.  In the absence of the tag, don't you apply the default?
> That is, aren't these necessarily the same thing?
>
> -MSK
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
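The two tree walks described in the message above, as an added worked example. This is my own illustration, not code from Doug Foster, the dmarc working group, or any DMARC implementation. DNS is replaced by a constructed in-memory table (`SAMPLE_DNS`), and `primary_tree_walk`, `secondary_tree_walk` and `parents` are hypothetical names. Where the message is silent, the code takes labelled assumptions: a psd=u record is skipped in the primary walk without touching the cached candidate, a psd=n record found before any untagged policy is taken as the organizational domain, a registrar record found with nothing cached yields no organizational domain, and the secondary walk checks the candidate domain itself but not the organizational domain it terminates at.

```python
"""Toy model of the primary and secondary DMARC tree walks (added example,
not from the message author or the dmarc WG).  DNS is a constructed dict."""
from typing import Dict, Iterator, Optional, Tuple

# psd tag values, using the message's symbolic names.
REGISTRAR = "y"      # <registrar policy>
ORG_DEFAULT = "n"    # <organization default policy>
SINGLE_DOMAIN = "u"  # <single-domain policy>
UNTAGGED = None      # a policy record exists but carries no psd tag

# Constructed "DNS": domain -> psd value, for domains that publish a policy.
# Domains missing from the table publish no policy at all.
SAMPLE_DNS: Dict[str, Optional[str]] = {
    "uk": REGISTRAR,
    "co.uk": REGISTRAR,
    "example.co.uk": UNTAGGED,        # org domain, confirmed by the registrar above
    "mail.example.co.uk": UNTAGGED,   # single-domain policy under that org
    "corp.ambig.co.uk": UNTAGGED,     # note: ambig.co.uk itself publishes nothing
    "bigcorp.test": ORG_DEFAULT,      # explicitly tagged organizational default
    "unit.bigcorp.test": UNTAGGED,
    "hosting.test": ORG_DEFAULT,      # an organization that also hosts customers
    "customers.hosting.test": REGISTRAR,          # private registrar inside it
    "acme.customers.hosting.test": UNTAGGED,      # a hosted customer
    "orphan.test": UNTAGGED,          # nothing above it but the TLD
}


def parents(domain: str) -> Iterator[str]:
    """Yield the domain itself, then each ancestor up to and including the TLD."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def primary_tree_walk(from_domain: str, dns: Dict[str, Optional[str]]
                      ) -> Tuple[Optional[str], Optional[str], str]:
    """Find the organizational domain of a From address.

    Returns (org_domain, domain_whose_policy_is_the_default, status) with
    status one of 'confirmed', 'registrar', 'tld', 'ambiguous' or 'none'.
    """
    cached: Optional[str] = None   # candidate org domain (has an untagged policy)
    gap = False                    # a no-policy domain seen above the candidate
    for d in parents(from_domain):
        if d not in dns:           # no policy: ignored, but the gap is remembered
            gap = gap or cached is not None
            continue
        psd = dns[d]
        if psd == SINGLE_DOMAIN:   # assumption: explicitly single-domain, skipped
            continue
        if cached is None:
            if psd == UNTAGGED:
                cached = d
            elif psd == ORG_DEFAULT:   # assumption: first policy is already tagged n
                return d, d, "confirmed"
            else:                      # assumption: registrar with nothing below it
                return None, None, "none"
            continue
        if psd == UNTAGGED:            # previous candidate was a single-domain policy
            cached, gap = d, False
        elif psd == ORG_DEFAULT:       # cached candidate was single-domain; done
            return d, d, "confirmed"
        else:                          # registrar above an untagged candidate
            if gap:                    # intervening no-policy domain: non-compliant
                return None, None, "ambiguous"
            return cached, d, "registrar"
    if cached is None:
        return None, None, "none"
    return cached, cached, "tld"       # reached the TLD with the candidate intact


def secondary_tree_walk(candidate: str, org_domain: str,
                        dns: Dict[str, Optional[str]]) -> bool:
    """True if `candidate` aligns with `org_domain`.

    The candidate must be org_domain or a descendant of it, and no domain from
    the candidate up to (not including) org_domain may be tagged as a
    registrar or organizational default.  No policy, psd=u and an untagged
    policy are treated alike: they do not disprove alignment.
    """
    candidate = candidate.lower().rstrip(".")
    org_domain = org_domain.lower().rstrip(".")
    if candidate == org_domain:
        return True
    if not candidate.endswith("." + org_domain):
        return False
    for d in parents(candidate):
        if d == org_domain:            # termination point reached: aligned
            return True
        if dns.get(d) in (REGISTRAR, ORG_DEFAULT):
            return False               # a private registrar or another org sits between
    return True


if __name__ == "__main__":
    for frm in ("mail.example.co.uk", "x.unit.bigcorp.test",
                "corp.ambig.co.uk", "acme.customers.hosting.test", "orphan.test"):
        print(frm, "->", primary_tree_walk(frm, SAMPLE_DNS))
    print(secondary_tree_walk("acme.customers.hosting.test", "hosting.test", SAMPLE_DNS))
```

The `gap` flag is what separates the registrar case the message calls compliant from the one it calls ambiguous: the same registrar record above the same untagged candidate gives a different answer depending only on whether a policy-less domain sits between them.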
