No, this is not a false positive.  The PSL put all of the identifiers in a
2LD organization, which I reviewed and judged to be correct.


The problem happens when Mail From [email protected] authenticates
[email protected] and both domains have DMARC policies.  Removing the lower
policy is the only remedy.   For SPF, this pattern of
child-authenticates-parent is quite common.  Having multiple DMARC policies
is less common.

Again, what previous data was presented to justify the consensus that we
would see no problems?

Doug

On Sat, Oct 7, 2023, 1:26 PM Richard Clayton <[email protected]> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> In message <CAH48Zfyowa3nnXf2bn59R01LqXq-=kMFNPS6=46Py2c-
> [email protected]>, Douglas Foster <dougfoster.emailstandards@gmail.
> com> writes
>
> >    So initially, I am asking for a comparison between my results and
> >    the data used to justify the asserted consensus.
>
> if you published the data (just the right hand side of relevant
> addresses is needed) we could check your working ...
>
> >    Was 2% previously observed and judged acceptable?  Were the
> >    previous error rates judged acceptable because they were computed
> >    using a different denominator definition?
>
> clearly if you get 10 messages from odd-domain and 10 messages from
> Google then you will see a different percentage than someone who gets 3
> (or some days 0) messages from odd-domain and 1000000 from Google ...
> but provided odd-domain isn't just sending to you then any large mailbox
> provider should have seen enough mail to provide a sensible measure of
> the impact by counting domains not %age of overall mail.
>
> >    With our present design, the necessary response to these errors is
> >    for the domain owner to remove intermediate DMARC policies.
>
> that's strange ... isn't the intent of the new scheme to encourage
> subdomain owners to add them !
>
> I do wonder if this is the PSL raising its ugly head again. A remarkable
> number of the people who have added entries have not understood how they
> now need to publish rather more DNS records than previously ...
>
> - --
> richard                                                   Richard Clayton
>
> Those who would give up essential Liberty, to purchase a little temporary
> Safety, deserve neither Liberty nor Safety. Benjamin Franklin 11 Nov 1755
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGPsdk version 1.7.1
>
> iQA/AwUBZSGUTN2nQQHFxEViEQKHpQCeP4SAEJFQbCG74hSpmKPugIWLWs0An2e5
> DMtrmcDBziCPFM9PVB0Vx6dI
> =aCqk
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>