On Monday, April 4, 2022 5:44:46 PM EDT John Levine wrote:
> It appears that Scott Kitterman  <[email protected]> said:
> >I think the attached addresses this.  I also tried to make it clear that if
> >there's only one domain (common 5322.From, 5321.MailFrom, and d=), then no
> >tree walk is needed.
> 
> Is that right? Let's say all three domains are sales.foo.com, there is
> no DMARC record _dmarc.sales.foo.com, but there might be one at
> _dmarc.foo.com.  I think you need to do the tree walk to find the policy.
> 
> This is less urgent, but between steps 7 and 8 in 4.6, I'd say that
> if you find a record with psd=y or psd=n you stop the tree walk, since
> nothing above that is relevant.

I agree on the first point.

I'd suggest we change the first point in the note for 4.8.

Was:

   *  The RFC5322.From domain and the RFC5321.MailFrom domain (if SPF
      authenticated), and/or the DKIM d= domain (if present and
      authenticated) are all the same.  In this case, this common domain
      is treated as the Organizational Domain.

Is:

   *  The RFC5322.From domain and the RFC5321.MailFrom domain (if SPF
      authenticated), and/or the DKIM d= domain (if present and
      authenticated) are all the same and that domain has a DMARC record.
      In this case, this common domain is treated as the Organizational
      Domain.

Adding "and that domain has a DMARC record" as a condition for not doing the 
tree walk should be sufficient.

For the second point, I think that's accurate, but I don't really think we 
need to standardize the optimization.  If I'm using an async DNS resolver, I 
would implement firing off all the necessary queries and then evaluating them 
once I have the answer.  I don't think we'd want to require (or appear to 
require) anyone to do a single query and evaluate the result before doing the 
next query.  That could be several times slower and at scale that typically 
will be more important than the extra DNS queries.

I'm not going to post another proposed revision for the above change, I think 
Todd can just incorporate that for the next revision.

Scott K


_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
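
Added example, not part of the message above or of the draft: a simplified sketch of the two points discussed, the walk that finds a parent's record when sales.foo.com has none, and the "send every query, then evaluate" approach in which a psd=y or psd=n record ends evaluation. The zone contents, the stub resolver and all function names are assumptions, and the draft's full step list is not implemented.

```python
import asyncio

# Constructed TXT data standing in for DNS answers; not real records.
ZONE = {
    "_dmarc.foo.com": "v=DMARC1; p=reject; psd=n",
    "_dmarc.com": "v=DMARC1; p=none; psd=y",
}

def walk_names(domain):
    """_dmarc names for the domain and each parent, most specific first."""
    labels = domain.lower().rstrip(".").split(".")
    return ["_dmarc." + ".".join(labels[i:]) for i in range(len(labels))]

def parse_tags(txt):
    """Split 'k=v; k=v' into a dict, ignoring malformed parts."""
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

async def lookup(name, zone):
    """Stub resolver (assumption): a real async DNS client goes here."""
    await asyncio.sleep(0)  # yield, as a network query would
    return zone.get(name)

async def discover(domain, zone=ZONE):
    """Fire every query at once, then evaluate the answers in walk order."""
    names = walk_names(domain)
    answers = await asyncio.gather(*(lookup(n, zone) for n in names))
    kept = []
    for name, txt in zip(names, answers):
        if not txt or not txt.startswith("v=DMARC1"):
            continue  # no DMARC record at this level, keep walking up
        tags = parse_tags(txt)
        kept.append((name, tags))
        if tags.get("psd") in ("y", "n"):
            break  # answers above this were fetched but are not used
    return kept

def policy_for(domain, zone=ZONE):
    """Name and p= value of the closest record, or None if none exists."""
    kept = asyncio.run(discover(domain, zone))
    return (kept[0][0], kept[0][1].get("p")) if kept else None

if __name__ == "__main__":
    print(policy_for("sales.foo.com"))
```
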