On July 25, 2022 1:27:07 PM UTC, Alessandro Vesely <[email protected]> wrote: >On Mon 25/Jul/2022 12:56:02 +0200 Douglas Foster wrote: >> We had a discussion about domains that need to set both PSD=Y and PSD=N. >> It highlighted one of the problems with using a tag which implies mutual >> exclusivity when exclusivity does not apply. >> >> The stated solution was that when PSD=Y is found on the same-domain policy, >> then PSD=N is also assumed, which implies that strict alignment is also >> applied. This seemed like a reasonable solution. >> >> However, I cannot find any reference to this principle in the specification. >> What happened? > > >To impose strict alignment to PSDs which send mail was hypothesized in March. >Afterwards, the algorithm was changed by disregarding psd=y at step 2; that >is, on the domain input to the algorithm. Therefore, a sending (or signing) >PSD operates as part of its org domain. > >In an example I posted, I showed that mail.psd.org.example cannot work to >authenticate From: [email protected]. However, a sibling like >signing.org.example would be in relaxed alignment. > >I still think an example like this is clarifying, albeit unreal. > I agree. I do think unreal examples are generally counter productive.
I believe we were pretty much agreed on if a PSD sends mail for itself it has to use strict alignment. I think what we have specified is appropriate. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
