On May 1, 2022 11:25:02 PM UTC, Neil Anuskiewicz <[email protected]> wrote: > On Apr 24, 2022, at 8:57 PM, Scott Kitterman <[email protected]> wrote: >> >> For cases where strict alignment is not appropriate, this issue can be >> mitigated by periodically checking the DMARC records, if any, of PSDs >above >> the organization's domains in the DNS tree and (for legacy [RFC 7489] >checking >> that appropriate PSL entries remain present). If a PSD domain publishes a >> DMARC record without the appropriate psd=y tag, organizational domain >owners >> can add psd=n to their organizational domain's DMARC record so that the >PSD >> record will not be incorrectly evaluated to be the organizational domain. > >Though the risk’s low, “periodically checking the DMARC records, if any” >isn’t particularly reassuring. It’s like saying periodically give your >pilot a breathalyzer. :-)
I agree, although in this case it can be automated. Similarly, periodically checking the PSL under the current scheme would be a good idea and not hard to do. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
