Alternative token design.
Boundary=A (Above only) Literal: The domain owner asserts that an organizational/administrative boundary exists between the current domain and its parent, meaning the domain and its parents are not aligned for relaxed authentication. No boundary exists immediately below this domain, so its child domains are aligned with it for relaxed authentication. Role: An Organizational Domain PSL Equivalent representation: The domain does not exist in the PSL, or is listed with negation. The parent domain is listed in the PSL, and without negation. Tree walk significance: The tree walk always stops on Boundary=A, as this domain is the organizational domain and provides the default policy. PSD=token equivalent: “psd=n” Boundary=N (None, Neither) Literal: That domain owner asserts that the domain does not have any adjacent organizational/administrative boundaries. Role: An organizational subdomain. PSL Equivalent representation: : The domain does not exist in the PSL. The parent domain is also not listed, or listed with negation. Tree walk significance: The domain owner has indicated awareness of DMARCbis. The tree walk will end on domain with a DMARC policy and a “Boundary=A” term. If an explicitly tagged organizational domain policy is not found, the result is PERMERROR and the evaluator is recommended to fall back to strict alignment. PSD=token equivalent: None Boundary=2 (Both above and below) Literal: The domain owner asserts that an organizational/administrative boundary exists both immediately above and immediately below this domain. Consequently, an exact match is required for alignment. Role: All Public Suffix Domains and many Private Registry domains. PSL Equivalent: Both the current domain and its parent are listed in the PSL, both without negation. Tree walk significance: The tree walks stops. If this is the exact-match domain, the organizational domain and default policy are from this record. If this domain is encountered subsequently during the tree walk, the walk stops, the current domain policy is the default policy but the immediately lower child domain is the organizational domain for relaxed alignment. PSD=token equivalent: Nothing provides a complete equivalence, but PSL=Y is used as an approximation. Boundary=B (Below only) Literal: The domain owner asserts that an organizational/administrative boundary exist between this domain and its child domains, so its child domains are not aligned for relaxed authentication. No organizational/administrative boundary exists above this domain, so this domain can participate in relaxed alignment with its immediate parent. Role: A private registry whose parent domain is in the same organization. PSL Equivalent: The current domain is listed in the “Private Registry” section of the PSL, without negation. The parent domain is not listed at all. Tree walk significance: If encountered on the exact-match domain, the domain is treated the same as “Boundary=N”, and the tree walk proceeds upward. If encountered subsequently during the tree walk, the domain is treated the same as “Boundary=2”: the Tree Walk stops, the current domain policy becomes the default policy but the immediately lower child domain is the organizational domain for relaxed alignment. PSD=token equivalent: : Nothing provides a complete equivalence, but PSL=Y is used as an approximation. DMARC policy with no Boundary=token term Literal: The domain owner has not added new information in support of DMARCbis to his policy. The presence or absence of organizational/administrative boundaries must be inferred. Role: Not stated and therefore not known with certainty. PSL Equivalent: None. The PSL lookup always returns a result. Tree Walk significance: Information about this policy is stored, the Tree Walk continues upward, and an inference is made when the Tree Walk is complete. PSD=token equivalent: “psd=u” Domain with no DMARC policy Literal: The domain owner has not attached a DMARC policy to the current domain. Role: Not stated and therefore not known with certainty. PSL Equivalent: None. The PSL lookup always returns a result. Tree Walk significance: Information about this policy is stored, the Tree Walk continues upward, and an inference is made when the Tree Walk is complete. PSD=token equivalent: Not applicable. Since no policy is present, no tokens are present in that policy.
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
