Concern 1 Of the several thousand private registry domains listed in the PSL, 45 have DMARC policies at or above the registry point. 40 of these 45 specify relaxed alignment for both DKIM and SPF. Upon activation of the tree walk, these policies will be treated as organizational domains to any private registry clients that have not published their own psd=y policy. Because of relaxed alignment, these private registry clients will be able to impersonate their siblings and parents and produce a DMARC result of PASS.
Concern 2 Since the longest current PSL entry has 5 segments, the longest organizational domain is 6 segments. The "jump to 5" logic needs to be changed to "jump to 6". Concern 3 The "psd=u" language is inconsistent. Which is true? "This token indicates that this policy is not an organizational domain,, the organizational domain is above this point" or "This token indicates no usable information, proceed with the heuristic to determine if this policy is the organizational domain" Doug Foster On Sun, Apr 17, 2022 at 4:54 PM Scott Kitterman <[email protected]> wrote: > I've finished going through this and also updated authheaders [1] to > match. It > now has a script called dmarc-policy-find which you can used to determine > the > DMARC policy to be applied for a domain. You can use RFC 7489, RFC 7489 + > RFC > 9091, and DMARCbis-07. > > It does currently cheat and assume psd=y is in the records for domains on > the > PSD DMARC registry list, since no one has actually published that yet. > > Scott K > > [1] https://github.com/ValiMail/authentication-headers (also on pypi) > > On Wednesday, April 6, 2022 12:27:04 PM EDT Scott Kitterman wrote: > > I believe it does. > > > > Thanks, > > > > Scott K > > > > On April 6, 2022 2:53:59 PM UTC, Todd Herr > <[email protected]> wrote: > > >I believe this rev has the proposed text that was submitted in various > > >messages in the thread titled "*5.5.4. Publish a DMARC Policy for the > > >Author Domain - dmarcbis-06"* > > > > > >On Wed, Apr 6, 2022 at 10:51 AM <[email protected]> wrote: > > >> A New Internet-Draft is available from the on-line Internet-Drafts > > >> directories. > > >> This draft is a work item of the Domain-based Message Authentication, > > >> Reporting & Conformance WG of the IETF. > > >> > > >> Title : Domain-based Message Authentication, > Reporting, > > >> > > >> and Conformance (DMARC) > > >> > > >> Authors : Todd M. Herr > > >> > > >> John Levine > > >> > > >> Filename : draft-ietf-dmarc-dmarcbis-07.txt > > >> Pages : 62 > > >> Date : 2022-04-06 > > >> > > >> Abstract: > > >> This document describes the Domain-based Message Authentication, > > >> Reporting, and Conformance (DMARC) protocol. > > >> > > >> DMARC permits the owner of an email author's domain name to enable > > >> verification of the domain's use, to indicate the Domain Owner's or > > >> Public Suffix Operator's message handling preference regarding > failed > > >> verification, and to request reports about use of the domain name. > > >> Mail receiving organizations can use this information when > evaluating > > >> handling choices for incoming mail. > > >> > > >> This document obsoletes RFC 7489. > > >> > > >> The IETF datatracker status page for this draft is: > > >> https://datatracker.ietf.org/doc/draft-ietf-dmarc-dmarcbis/ > > >> > > >> There is also an HTML version available at: > > >> https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-07.html > > >> > > >> A diff from the previous version is available at: > > >> https://www.ietf.org/rfcdiff?url2=draft-ietf-dmarc-dmarcbis-07 > > >> > > >> Internet-Drafts are also available by rsync at rsync.ietf.org: > > >> :internet-drafts > > >> > > >> _______________________________________________ > > >> dmarc mailing list > > >> [email protected] > > >> https://www.ietf.org/mailman/listinfo/dmarc > > > > _______________________________________________ > > dmarc mailing list > > [email protected] > > https://www.ietf.org/mailman/listinfo/dmarc > > > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
