This question probably has an obvious answer, but asking for
clarification on this - Policy difference aside, in this example
provided, does this mean with the Treewalk behavior, cuny.edu's DMARC
feedback addresses that differ from the subdomain's would stop getting
the sub's DMARC reports?
- Mark Alley
On 2/23/2023 6:13 PM, John R. Levine wrote:
I haven’t done extensive research but here is a live example where
treewalk will cause a result change.
From: is in the domain Ret.bmcc.cuny.edu which has no DMARC record.
_dmarc.bmcc.cuny.edu. 300 IN TXT "v=DMARC1; p=quarantine;
fo=1;
rua=mailto:[email protected];
ruf=mailto:[email protected]";
_dmarc.cuny.edu. 3325 IN TXT "v=DMARC1;" "p=none;"
"rua=mailto:[email protected],mailto:[email protected];";
"ruf=mailto:[email protected],mailto:[email protected];";
"fo=1"
Good catch, although in this case I think the most likely result is
that the people at bmcc.cuny.edu will say "who set up
Ret.bmcc.cuny.edu?" I see that bmcc.cuny.edu and cuny.edu both use
Proofpoint in front of O365, while Ret.bmcc.cuny.edu goes directly to
O365. There's some other strangeness; www.cuny.edu is a CNAME for
web.cuny.edu which has an MX to mail-relay.cuny.edu. which has 7 A
records pointing to machines running sendmail.
It might be interesting to set up a web page where you can put in a
mail domain and it'll tell you whether its treatment will change with
the tree walk.
Regards,
John Levine, [email protected], Primary Perpetrator of "The Internet for
Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
