On Mon 01/Aug/2022 00:12:45 +0200 Murray S. Kucherawy wrote:
> On Sat, Jul 30, 2022 at 4:29 AM Alessandro Vesely <[email protected]> wrote:
>> On Fri 29/Jul/2022 19:44:28 +0200 John Levine wrote:
>>> It appears that Alessandro Vesely <[email protected]> said:
>>>> In general, it is not possible to determine DNS zone cuts by querying
>>>> various subdomains. However, DMARC users define DMARC records at their
>>>> Organizational Domain, so it is possible to discover them based on that.
>>>
>>> Sorry, but this is just wrong. DMARC and the tree walk have nothing,
>>> and I emphasize nothing, to do with zone cuts.
>>
>> I thought a zone cut marked the boundary where an organization
>> delegates control to another one. In many cases, that would be the
>> org domain, no?
>
> Assume you have this zone file for "example.com":
>
>     example.com.        IN NS  ...
>                         IN NS  ...
>     _dmarc.marketing    IN TXT ...
>     product.marketing   IN TXT [SPF record here]
>
> Now I send mail using the domain "product.marketing.example.com." It has
> an SPF record, but no DMARC record. If we do the tree walk up one to
> "marketing.example.com" and then prepend "_dmarc", we find a record. But
> note that there are no NS records here, and hence no zone cut. There is,
> however, a zone cut at "example.com" itself (naturally, since that's where
> the registration occurs).
>
> So this is an example of a DMARC record not coincident with a zone cut,
> plus a zone cut with no coincident DMARC record. There is, therefore, no
> guaranteed relationship.

Yes.

> You could make the argument that you "usually" find DMARC records at zone
> cuts, but that's relying on convention or happenstance rather than a
> standards-quality framework.

I'd agree, except that our definition of Organizational Domain as one
label beyond a PSD (PSD+1) poses a semantic limit on that.

While we concentrate on existing scenarios, it may well happen that,
if the DMARC algorithm sees widespread adoption, people will define
organizational boundaries that way, irrespective of actual DNS
control, as in your example.

Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
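
An added example, not part of the thread and not written by any participant: a Python model of the zone from Murray's message that runs a simplified tree walk next to a zone-cut lookup, to show the two landing on different names. The record values, name server names and helper functions are assumptions made here, and the walk leaves out the refinements of the full DMARC tree walk algorithm.

```python
# Constructed model of the example.com zone from the message above.
# Record data is placeholder text: the thread elides the real values.
ZONE = {
    ("example.com", "NS"): ["ns1.example.net.", "ns2.example.net."],
    ("_dmarc.marketing.example.com", "TXT"): ["v=DMARC1; p=none"],
    ("product.marketing.example.com", "TXT"): ["v=spf1 -all"],
}


def lookup(name, rtype):
    """Return the records of one type at one owner name (empty if none)."""
    return ZONE.get((name.rstrip(".").lower(), rtype), [])


def ancestors(domain):
    """Yield the domain itself, then each parent, dropping one label at a time."""
    labels = domain.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        yield ".".join(labels[i:])


def tree_walk(domain):
    """Simplified walk: first name whose _dmarc child has a DMARC TXT record.

    Assumption: plain label stripping only, without the full algorithm's extras.
    """
    for name in ancestors(domain):
        txts = lookup("_dmarc." + name, "TXT")
        if any(t.strip().startswith("v=DMARC1") for t in txts):
            return name
    return None


def enclosing_zone_cut(domain):
    """Closest name at or above the domain that owns NS records."""
    for name in ancestors(domain):
        if lookup(name, "NS"):
            return name
    return None


def compare(domain):
    """Report where the DMARC record and the zone cut sit for one domain."""
    policy, cut = tree_walk(domain), enclosing_zone_cut(domain)
    return {"dmarc_at": policy, "zone_cut_at": cut, "coincide": policy == cut}


if __name__ == "__main__":
    for d in ("product.marketing.example.com", "example.com"):
        print(d, compare(d))
```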