On Wed, Jun 5, 2024 at 11:33 AM Alessandro Vesely <[email protected]> wrote:
> Hi all,
>
> there is an inconsistency in the org domain definition. The beginning of the
> algorithm states:
>
>     For each Tree Walk that retrieved valid DMARC Policy Records, select
>     the Organizational Domain from the domains for which valid DMARC
>     Policy Records were retrieved from the longest to the shortest:
>
> That sentence implies that a record was found for the org domain. However,
> step 2 says:
>
>     2. If a valid DMARC Policy Record, other than the one for the domain
>        where the tree walk started, contains the psd= tag set to 'y'
>        (psd=y), the Organizational Domain is the domain one label below
>        this one in the DNS hierarchy, and the selection process is
>        complete.
>
> The domain one label below PSD doesn't necessarily have a DMARC record,
> though.
>
> We can either relax the requirement that the org domain has a record, or
> define the org domain to be the longest record below the PSD /having a
> record/. I'd opt for the latter disjunct.
>
> For example, consider a global bank having From: identifiers such as
> ny.us.glob.bank, paris.fr.glob.bank and the like. _dmarc.bank has psd=y.
> What if glob.bank publishes no record while both us.glob.bank and
> fr.glob.bank do? Shall the policy be that of the PSD? Are the two From: IDs
> above aligned?

My interpretation of the text as currently written is that there does not
have to be a DMARC policy record published at glob.bank in order for it to be
the Organizational Domain in this scenario.

The text says "the Organizational Domain is the domain one label below [the
domain where the psd=y tag was found] in the DNS hierarchy".

Whether or not it is our collective intent for a domain with no explicit
DMARC policy record to be an Organizational Domain in this scenario is a
discussion I'll invite now.
--
Todd Herr | Technical Director, Standards & Ecosystem
Email: [email protected]
Phone: 703-220-4153
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
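Added example, not part of the original thread or of the draft: a small Python model of the glob.bank scenario that computes the Organizational Domain under both readings discussed above. The `RECORDS` table is constructed from the message, the function names are hypothetical, only step 2 (psd=y) is modelled, and the "requiring a record" rule picks the longest matching name as an assumption based on the wording of the proposal.

```python
# Constructed sample from the scenario in the message: names that publish a
# DMARC Policy Record at _dmarc.<name>, mapped to their psd= value (None = no tag).
RECORDS = {
    "bank": "y",
    "us.glob.bank": None,
    "fr.glob.bank": None,
}

def tree_walk(start):
    """Names visited from `start` up to the TLD, longest first.
    Assumption: every parent name is visited (no label-count shortcut modelled)."""
    labels = start.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def find_psd(start, records):
    """First walked name, other than the start, whose record has psd=y."""
    for name in tree_walk(start)[1:]:
        if records.get(name) == "y":
            return name
    return None

def org_domain_as_written(start, records):
    """Step 2 read literally: one label below the psd=y domain, record or not."""
    psd = find_psd(start, records)
    if psd is None:
        return None  # the other steps of the algorithm apply; not modelled here
    walk = tree_walk(start)
    return walk[walk.index(psd) - 1]

def org_domain_requiring_record(start, records):
    """Proposed alternative: longest walked name below the PSD that has a record."""
    psd = find_psd(start, records)
    if psd is None:
        return None
    walk = tree_walk(start)
    below = walk[:walk.index(psd)]
    return next((n for n in below if n in records), None)

def compare(from_domains, records=RECORDS):
    """From: domain -> (literal org domain, record-required org domain,
    whether the literal org domain publishes a record)."""
    out = {}
    for d in from_domains:
        lit = org_domain_as_written(d, records)
        out[d] = (lit, org_domain_requiring_record(d, records), lit in records)
    return out

if __name__ == "__main__":
    for d, row in compare(["ny.us.glob.bank", "paris.fr.glob.bank"]).items():
        print(d, row)
```

With this sample data the literal reading gives both From: domains the same Organizational Domain, glob.bank, which publishes no record; the record-required reading gives us.glob.bank and fr.glob.bank, which differ.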
