On Wed 17/Apr/2024 15:42:23 +0200 Todd Herr wrote:
On Wed, Apr 17, 2024 at 1:06 AM Scott Kitterman <[email protected]> wrote:

I am confused.

Under the current (7489) rules a record for _dmarc.c.d.e.f.tld won't be found either in this case. Why do we need to support something that is currently unsupported?

We picked n=5 to allow the current org level record to be detected by the tree walk. It's true that the tree walk provides some additional flexibility for subordinate organizations within what we would call a DMARC org domain based on RFC 7489, but that was by no means anything we ever described as a feature or a goal.

I don't share your understanding here. I interpret some of the text of https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-dmarcbis/issues/79, "Do away with the PSL and Org Domain entirely; just walk the tree" to at least imply that the tree walk was designed to provide this flexibility [...]


If we wanted to provide high flexibility, then we'd have designed an inheritance system whereby, for example, policy or rua address can be inherited from parent domains. John would've called it mission gallop.


Even if some organizations have very deep DNS trees, the fact that some entity uses a.b.c.d.e.f.tld doesn't affect DMARC. The record for the top level of their organization will still be found.

In any case, any domain, at any depth in the tree can publish their own DMARC record if they need some special thing. The value of N does not affect that at all.

Fair enough. You're correct that a DMARC policy can be published for any
specific domain used as the RFC5322.From domain, so perhaps a bit of text
in the Tree Walk section describing the really deep use case and
the solution for it might be a compromise.


We may say the system is harsh by design. You can rely on the org domain settings or define your own in the From: domain. Flexibility to fetch values from intermediate domains is not provided.

Indeed, even if we had N=8, DMARC records at b.c.d.e.f.g and c.d.e.f.g would be discarded unless they contained psd=y or psd=n.


Best
Ale
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
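
The behaviour discussed in this thread, as an added example that is not part of the original message or of the draft: a simplified model of the tree walk showing which names are queried for N=5 versus N=8 and why a record at an intermediate domain is ignored unless it carries a psd tag. The function names and the zone contents are assumptions made for illustration, and a dict stands in for DNS TXT lookups.

```python
# Simplified model of the DMARCbis tree walk (assumption: not the draft's normative text).
def tags(record):
    """Parse 'v=DMARC1; p=none; psd=n' into a dict; None if not a DMARC record."""
    if not record or not record.replace(" ", "").startswith("v=DMARC1"):
        return None
    return dict(t.strip().split("=", 1) for t in record.split(";") if "=" in t)

def walk_targets(domain, n=5):
    """Names queried (without the _dmarc. prefix), in order."""
    labels = domain.lower().rstrip(".").split(".")
    targets = [".".join(labels)]
    # With n or more labels the walk jumps down to the n-1 rightmost labels,
    # otherwise it drops one label at a time.
    labels = labels[-(n - 1):] if len(labels) >= n else labels[1:]
    while labels:
        targets.append(".".join(labels))
        labels = labels[1:]
    return targets

def org_domain(start, zone, n=5):
    """Organizational Domain chosen from the records the walk finds."""
    start = start.lower().rstrip(".")
    found = []
    for name in walk_targets(start, n):
        t = tags(zone.get(name))
        if t is None:
            continue
        psd = t.get("psd", "u")
        if psd == "n":                      # explicit org domain marker
            return name
        if psd == "y" and name != start:    # PSD: org domain is one label below
            k = name.count(".") + 2
            return ".".join(start.split(".")[-k:])
        found.append(name)
    # No psd tag seen: the record with the fewest labels wins.
    return min(found, key=lambda d: d.count(".")) if found else None

def policy_domain(from_domain, zone, n=5):
    """Domain whose record supplies the policy: the From domain's own, else the org domain's."""
    if tags(zone.get(from_domain)) is not None:
        return from_domain
    return org_domain(from_domain, zone, n)

# Constructed sample zones using the thread's a.b.c.d.e.f.tld naming.
ZONE = {"f.tld": "v=DMARC1; p=reject", "c.d.e.f.tld": "v=DMARC1; p=none"}
ZONE_PSD_N = {"f.tld": "v=DMARC1; p=reject", "c.d.e.f.tld": "v=DMARC1; p=none; psd=n"}

if __name__ == "__main__":
    for n in (5, 8):
        print(n, walk_targets("a.b.c.d.e.f.tld", n),
              policy_domain("a.b.c.d.e.f.tld", ZONE, n),
              policy_domain("a.b.c.d.e.f.tld", ZONE_PSD_N, n))
```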