On March 24, 2022 12:01:39 PM UTC, Alessandro Vesely <[email protected]> wrote:
>On Wed 23/Mar/2022 12:08:16 +0100 Douglas Foster wrote:
>> But we do have a difference between PSOs, which never send mail, and private
>> registrars, which may or may not send mail from the domain or subdomain used as
>> a private registration point. It seems desirable to resolve this ambiguity so
>> that we can reliably know that a true PSO cannot be impersonated, while
>> allowing private registrars to document their configuration.
>>
>> A "sendsmail=(y,n)" indicator would accomplish this purpose.
>
>
>For documentation purposes, although I'd have preferred meaningful, explicit
>tokens, if people much more experienced than me insist that obscurity is
>advisable in this case, I don't agree but I accept it.
>
>For security, a private registrar should set psd=y. If it sets psd=n, it
>forces all registrants below that point to do the same. If the From: domain
>has psd=y, you know that they send mail because you received it. In that case,
>it can only authenticate by strict alignment.
>
>Perhaps, we could advise private registrars that they had better use an
>intermediate label with psd=y as a registration point if they want more DMARC
>flexibility at their base domain.

Based on the current draft, this is not correct. An exact match is the org domain, even if PSD=y, so even if the policy uses the relaxed alignment approach, it will still be aligned.

Scott K
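
The rule stated in the reply above, worked through as an added example (not code from the thread or from the draft): organizational-domain selection and relaxed alignment over constructed records. The selection steps are a simplified reading of the DMARCbis tree walk and are an assumption, as are all domain names and the RECORDS table.

```python
# Constructed sample data: domain -> psd tag of its DMARC record ("u" = tag absent).
# All names are hypothetical; a real verifier would query _dmarc.<domain> TXT.
RECORDS = {
    "reg.example": "y",        # private registrar publishing psd=y
    "shop.reg.example": "u",   # registrant with an ordinary DMARC record
}

def tree_walk(domain):
    """Return (name, psd) for every record from `domain` up to the TLD."""
    labels = domain.lower().rstrip(".").split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))]
    return [(n, RECORDS[n]) for n in names if n in RECORDS]

def org_domain(domain):
    """Organizational Domain selection (simplified; long-name shortcut omitted)."""
    domain = domain.lower().rstrip(".")
    found = tree_walk(domain)              # ordered from most to fewest labels
    for name, psd in found:                # step 1: any psd=n marks the org domain
        if psd == "n":
            return name
    for name, psd in found:                # step 2: psd=y above the starting domain
        if psd == "y" and name != domain:
            keep = name.count(".") + 2     # one label below the PSD
            return ".".join(domain.split(".")[-keep:])
    # step 3: record with the fewest labels; with no record, the domain itself
    return found[-1][0] if found else domain

def aligned(from_domain, auth_domain, mode="relaxed"):
    """Compare the From: domain with an SPF or DKIM authenticated domain."""
    if mode == "strict":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

if __name__ == "__main__":
    # Exact match on the psd=y domain: still aligned in relaxed mode.
    print(aligned("reg.example", "reg.example"))
    # A registrant's subdomain aligns with the registrant's own domain.
    print(aligned("shop.reg.example", "mail.shop.reg.example"))
    # A registrant's signature does not align with the registrar's From: domain.
    print(aligned("reg.example", "shop.reg.example"))
```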
