On April 22, 2022 7:35:29 AM UTC, Robert <[email protected]> wrote:
>In section 4.8. Organizational Domain Discovery, we have:
>
>   Note: There is no need to perform Tree Walk searches for
>   Organizational Domains under any of the following conditions:
>...
>   *  There is no SPF pass result and no DKIM pass result for the
>      message.  In this case, there can be no DMARC pass result, and so
>      the Organizational Domain of any domain is not required to be
>      discovered.
>
>---
>We would still want to find a record to know who to send failure
>reports to, no? And this would involve some sort of tree walk if the
>MAIL FROM doesn't have a record. Should it be changed to something
>like:
>
>   *  There is a DMARC record at the RFC5321.MailFrom domain and there
>      is no SPF pass result and no DKIM pass result for the
>      message.  In this case, there can be no DMARC pass result, and so
>      the Organizational Domain of any domain is not required to be
>      discovered.

I agree the current text is a problem.

This case is guaranteed not to pass, so you would need to know what policy to 
apply.  There's another item in the note that addresses the portion of this 
case where the 5322.From domain has a DMARC record.  If the 5322.From domain 
doesn't have a DMARC record then we do need to find the org domain to determine 
the policy to apply.  I think this should be deleted, not modified.

Scott K

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
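
The case discussed in the reply above (no SPF pass, no DKIM pass, and no DMARC record at the 5322.From domain), as an added example that is not part of the original thread or of the draft. It is a simplified walk over constructed DNS data: the function names and records are hypothetical, and it assumes no record carries a psd tag and applies no limit on the number of labels queried.

```python
# Constructed DNS data for illustration; the names and records are invented.
DMARC_TXT = {
    "_dmarc.example.com": "v=DMARC1; p=reject; sp=quarantine",
    "_dmarc.news.example.org": "v=DMARC1; p=none",
}

def query(domain, log):
    """Look up the DMARC TXT record for one domain, recording the query name."""
    name = "_dmarc." + domain
    log.append(name)
    record = DMARC_TXT.get(name, "")
    return record if record.startswith("v=DMARC1") else None

def tags(record):
    """Split 'v=DMARC1; p=reject' into {'v': 'DMARC1', 'p': 'reject'}."""
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def policy_for_failed_message(from_domain):
    """Policy for a message with no SPF pass and no DKIM pass.

    Returns (policy, publishing_domain, queries). Simplified: ignores the
    psd tag and any limit on how many labels are queried.
    """
    log = []
    domain = from_domain.lower().rstrip(".")
    record = query(domain, log)
    if record:                       # record at the 5322.From domain: no walk
        return tags(record).get("p"), domain, log
    labels = domain.split(".")
    found = None
    for i in range(1, len(labels)):  # walk every parent, up to the TLD
        parent = ".".join(labels[i:])
        record = query(parent, log)
        if record:
            found = (parent, tags(record))  # keep the shortest name seen
    if found is None:
        return None, None, log       # no DMARC policy published anywhere
    org, org_tags = found
    # A subdomain of the organizational domain gets sp if present, else p.
    return org_tags.get("sp", org_tags.get("p")), org, log

if __name__ == "__main__":
    for name in ("news.example.org", "mail.bounce.example.com", "host.example.net"):
        print(name, policy_for_failed_message(name))
```

The second sample domain has no record of its own, so the policy for the guaranteed-fail message is only known after the walk reaches example.com.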
