On Apr 17, 2024, at 6:33 AM, Todd Herr <todd.herr=40valimail....@dmarc.ietf.org> wrote:
Colleagues,
DMARCbis currently describes the value of 'n' for the 'psd' tag in a policy record as follows:
- The DMARC policy record is published for a PSD, but it is not the Organizational Domain for itself and its subdomain. There is no need to put psd=n in a DMARC record, except in the very unusual case of a parent PSD publishing a DMARC record without the requisite psd=y tag.
I don't think this is entirely accurate, especially the second sentence ("no need ... except in the very unusual case"), and here's why. Either that, or the description of the Tree Walk needs to be changed.
The Tree Walk is intended for both DMARC Policy discovery and Organizational Domain discovery, and section 4.7 (DMARC Policy Discovery) says the policy to be applied will be the DMARC record found at one of these three locations: - The RFC5322.From domain
- The Organizational Domain of the RFC5322.From domain
- The Public Suffix Domain of the RFC5322.From domain
Meanwhile, section 4.8, Organizational Domain Discovery, gives the following three options for where the Organizational Domain is: - DMARC record with psd=n
- The domain one level below the domain with a DMARC record with the tag psd=y
- The record for the domain with the fewest number of labels.
The Tree Walk, as described in section 4.6, defines two explicit places to stop, both of which rely on discovery of a DMARC policy record with a psd tag defined.
One of your concerns is that without a PSD tag, but I think the default is PSD=n. Does,that address that concern or did I misunderstand the concern?
The default for the psd tag is 'u', not 'n'.
Thank you and I’m not sure why I was thinking n. I guess I figured if it’s not a PSD which should publish an explicit y. My logic just looking at the tree walk makes no sense. |
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
