Are we *again* questioning the tree walk, which is, recall, a settled issue?
Barry On Sun, Jun 11, 2023 at 7:53 AM Douglas Foster <[email protected]> wrote: > > Given that the PSL is subject to errors, it is reasonable to warn senders that > > "Because of the risk of PSL errors, some evaluators MAY NOT accept some or > all forms of relaxed alignment as acceptable authentication." > > Technically, this is just stating the obvious, since evaluators MAY do > whatever they want. Then the inference from that warning is: > > "Senders SHOULD avoid configurations that depend on the PSL for > authentication. This is accomplished by publishing a DMARC policy on both > the organizational domain and any mail-sending subdomains, and by using > strict alignment on those policies." > > But strict alignment will be burdensome for some configurations, so an > intermediate solution would be: > > - define an optional "organizational domain" token for DMARC policies. If > present, it must be equal to or a parent of the current domain. > - If the token is provided AND matches the PSL, then the organizational > domain is considered safe for relaxed alignment. If the token is provided > but does not match the PSL, then the longer of the two domain names will be > used for relaxed alignment. > > By using same-domain DMARC policy, senders permit improved efficiency for > evaluators while protecting both senders and evaluators from PSL errors. > > Doug Foster > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
