On 06/03/2024 21:00, Todd Herr wrote:
> Section 4.7, DMARC Policy Discovery, starts with the following sentence:
>
>     For policy discovery, a DNS Tree Walk starts at the domain found in
>     the RFC5322.From header of the message being evaluated.
>
> I think the above is muddy, [...]
>
> When it comes to policy discovery, if the RFC5322.From domain has a
> published policy record, it's the policy regardless of the value of the
> 'psd' tag, is it not? Step 2 of the Tree Walk would seem to indicate
> that if such a record didn't have psd=n then the Tree Walk would
> continue for policy discovery.
>
> I believe that the first sentence in Section 4.7 should be replaced as
> follows:
>
>     For policy discovery, first query for a DMARC policy record at the
>     name created by prepending the label "_dmarc" to the RFC5322.From
>     domain. If no valid DMARC policy record is found there, then perform
>     a DNS Tree Walk starting with the parent domain of the RFC5322.From
>     domain.

That's not exact. If the From: domain has more than 5 labels you don't
start with its parent domain.

My take:

    Policy discovery starts by querying the DMARC record for the
    RFC5322.From domain, as in step 1 of the DNS Tree Walk. If a record
    is found there, that's the policy record, otherwise continue the
    DNS Tree Walk.

Best
Ale
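
The difference between the two wordings discussed in this message, as an added example (not part of the original message or of the draft): it lists the DNS names each wording would query for a 7-label From domain. Assumptions: names with more than 5 labels are cut to their 4 rightmost labels, the first `v=DMARC1` record found stops the walk, and the zone data and function names are constructed for illustration.

```python
# Added example; constants and zone data are assumptions, not text from the thread.
LONG_NAME_LABELS = 5  # from the reply: names with more than 5 labels skip ahead
SHORTCUT_LABELS = 4   # assumption: long names are cut to their 4 rightmost labels

def query_name(labels):
    return "_dmarc." + ".".join(labels)

def tree_walk_names(domain):
    """Names queried by a Tree Walk whose step 1 is the domain itself."""
    labels = domain.rstrip(".").lower().split(".")
    names = [query_name(labels)]
    if len(labels) > LONG_NAME_LABELS:
        labels = labels[-SHORTCUT_LABELS:]   # skip ahead, not the parent
    else:
        labels = labels[1:]                  # parent domain
    while labels:
        names.append(query_name(labels))
        labels = labels[1:]
    return names

def parent_start_names(domain):
    """Literal reading of the proposed text: direct query, then a Tree Walk
    that starts at the parent of the From domain."""
    labels = domain.rstrip(".").lower().split(".")
    rest = tree_walk_names(".".join(labels[1:])) if len(labels) > 1 else []
    return [query_name(labels)] + rest

def discover(domain, lookup, names_fn=tree_walk_names):
    """Query in order; simplified stop rule: first v=DMARC1 record wins."""
    queried = []
    for name in names_fn(domain):
        queried.append(name)
        record = lookup(name)
        if record and record.startswith("v=DMARC1"):
            return record, queried
    return None, queried

# Constructed zone data: only example.com publishes a record.
ZONE = {"_dmarc.example.com": "v=DMARC1; p=reject"}
DEEP = "a.b.c.mail.corp.example.com"  # constructed 7-label From domain

if __name__ == "__main__":
    for fn in (tree_walk_names, parent_start_names):
        record, queried = discover(DEEP, ZONE.get, fn)
        print(fn.__name__, len(queried), "queries ->", record)
        for name in queried:
            print("   ", name)
```

For From domains of 5 labels or fewer the two functions return the same list; they diverge only on the second query for longer names.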