Based on our PSL information, a private registry will be at DNS segment 3 or 4. If the PSO registration is at DNS segment 2, the private registry could be either one or two segments thick.

So the question is "How do I know which one applies?" The best solution is for the domain owner registrar to tell us, using a meaningful token like orgd=y. Of course, we could tell evaluators to use our current best guess, which is that private registries will always be one segment thick. But that does not seem like a standards-track approach to the authentication problem.

On Wed, Jun 29, 2022, 10:12 AM John R Levine <[email protected]> wrote:

> On Wed, 29 Jun 2022, Alessandro Vesely wrote:
> > Would you please show an example, realistic or not, where not stopping for
> > psd=y in step 2 leads to a useful result?
>
> Keeping in mind that this is an arcane corner case that affects perhaps a
> few hundred of the 100,000 domains that are likely to publish DMARC
> records, and it doesn't matter in practice:
>
> A site for aficionados of various kinds of pets:
>
> _dmarc.petlovers.com p=reject psd=u
> _dmarc.cats.petlovers.com psd=y
> _dmarc.dogs.petlovers.com psd=y
>
> A message from management:
>
> From: [email protected]
> DKIM-Signature: d=petlovers.com
> Subject: Dogs are bad
> etc.
>
> I'm not saying this is particularly likely, but it's no less likely than
> any other contrived psd=y scenario so I hope we can stop now and move on
> to something more important.
>
> Regards,
> John Levine, [email protected], Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
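The quoted petlovers.com scenario, worked through as an added example that is not part of the thread or of any DMARC draft text. It assumes a simplified organizational-domain selection (psd=n wins, psd=y above the starting name puts the organizational domain one label below it, otherwise the record with the fewest labels), and it assumes the redacted From address is under cats.petlovers.com. The `stop_at_start_psd_y` switch models the "stop for psd=y" behaviour being debated.

```python
# Constructed DNS data: the three records from the quoted example.
RECORDS = {
    "petlovers.com": {"p": "reject", "psd": "u"},
    "cats.petlovers.com": {"psd": "y"},
    "dogs.petlovers.com": {"psd": "y"},
}

def walk(domain):
    """Yield (name, record) for each published record, longest name first."""
    labels = domain.split(".")
    for i in range(len(labels)):
        name = ".".join(labels[i:])
        if name in RECORDS:
            yield name, RECORDS[name]

def org_domain(domain, stop_at_start_psd_y):
    """Assumed, simplified organizational-domain selection (see lead-in)."""
    start = domain.lower().rstrip(".")
    found = []
    for name, rec in walk(start):
        psd = rec.get("psd", "u")
        if psd == "n":
            return name
        if psd == "y":
            if name != start:
                # psd=y above the starting name: org domain is one label below it.
                prefix = start[: -len(name) - 1]
                return prefix.split(".")[-1] + "." + name
            if stop_at_start_psd_y:
                # Variant under debate: treat the starting name as final.
                return name
        found.append(name)
    # No decisive psd tag: pick the record with the fewest labels.
    return found[-1] if found else start

def relaxed_aligned(from_domain, dkim_d, stop_at_start_psd_y):
    """Relaxed alignment: both identifiers share one organizational domain."""
    return (org_domain(from_domain, stop_at_start_psd_y)
            == org_domain(dkim_d, stop_at_start_psd_y))

if __name__ == "__main__":
    for stop in (True, False):
        print("stop at psd=y:", stop,
              "| org domain:", org_domain("cats.petlovers.com", stop),
              "| aligned with d=petlovers.com:",
              relaxed_aligned("cats.petlovers.com", "petlovers.com", stop))
```

Under these assumptions the management message aligns with its d=petlovers.com signature only when the walk continues past the psd=y record on the starting name; names below cats.petlovers.com are unaffected by the switch.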
