On Thu 14/Mar/2024 12:17:17 +0100 Douglas Foster wrote:
Your latter questions were similar to Ale's
- If the SPF/DKIM domain is a parent of the From domain, then we check its
relationship to the organizational domain. If it is a parent of the
organizational domain, the result is unaligned. If it is anywhere between
the organizational domain and the From domain, then it is aligned. In
either case, the Tree Walk is no needed.
Well, you remove the leftmost label and lookup the DMARC record. Much more
than a string comparison. You may call it not a Tree Walk, but it actually is.
The point is that you stop whether or not there's psd=y, or even no record at
all. An Interrupted Tree Walk. That is:
If there is a DMARC record at the From: domain and it has no psd=y, then:
* if DKIM domain equals From: domain, aligned, no walk (already documented),
* if DKIM domain is a direct child of the From: domain, one must check its
record has no psd= tag,
* if DKIM domain is the parent of the From: domain, one must check its
record doesn't have psd=y.
I agree an appendix could be useful, unless we think developers are so much
smarter than domain owners that the latter deserve the pedantic thoughtfulness
that characterizes record publishing explanations, while developers can work it
out by themselves...
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
