On Wed 19/Jun/2024 16:53:59 +0200 John R Levine wrote:
> On Wed, 19 Jun 2024, Alessandro Vesely wrote:
>
>> IOW, why not let the org domain be just the shortest of the organization domains for which a DMARC record was found?  It sounds more natural.
>
> In nearly every case, that is exactly what DMARC does.
>
> The only time something else might happen is if the domain publishes psd=n to say to use a lower level name.


Fair enough. In that case, however, we have to say a little bit louder that org domains need to be marked psd=n. For example, at step 2 of the algorithm in Section 4.10.2, we can say explicitly that the org domain thus determined might not have any DMARC records.

Not setting psd=n can wreak havoc on new PSD records. Consider, for example, what would happen if Nominet UK, after the proven success of the gov.uk policy, decided to do the same also for ac.uk, co.uk, org.uk, net.uk and eventually all their 2ndLDs. At that point, they may consider it more efficient to define just one record in _dmarc.uk rather than a dozen psd=y records scattered here and there. There's nothing in the specs that says it's a bad idea to do so. Then suddenly DMARC will no longer work for the whole country.


> We have discussed this in hundreds of messages over the past several years.  I do not understand why anyone would try to relitigate it now.


Only when I coded it did I realize how unnatural it is for the publication of PSD records not to be idempotent w.r.t. the determination of the org domain.


Best
Ale
--



_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
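
The scenario discussed in the message above, as an added example that is not part of the original post or of the DMARCbis draft: a simplified sketch of Organizational Domain selection, based on a reading of the draft's three selection steps, with the long-name label shortcut omitted. The DNS contents, the helper names and domains such as example.co.uk are constructed assumptions.

```python
# Added illustration. DNS is modelled as a dict: name -> psd tag of the DMARC
# record at _dmarc.<name> ("y", "n", or "u" when the tag is absent).
# All domain names and records below are constructed sample data.

def tree_walk(domain, records):
    """Return [(name, psd)] for the domain and each parent that has a record."""
    labels = domain.lower().rstrip(".").split(".")
    names = [".".join(labels[i:]) for i in range(len(labels))]
    return [(n, records[n]) for n in names if n in records]

def org_domain(domain, records):
    """Pick the Organizational Domain from the tree walk results."""
    start = domain.lower().rstrip(".")
    labels = start.split(".")
    found = tree_walk(start, records)  # ordered longest name first
    # Step 1: a record declaring psd=n wins outright (longest such name here).
    for name, psd in found:
        if psd == "n":
            return name
    # Step 2: psd=y above the starting name -> one label below that name,
    # whether or not that name publishes a DMARC record of its own.
    for name, psd in found:
        if psd == "y" and name != start:
            return ".".join(labels[-(name.count(".") + 2):])
    # Step 3: otherwise the record with the fewest labels.
    if found:
        return min(found, key=lambda r: r[0].count("."))[0]
    return start  # assumption: nothing found, fall back to the starting name

def relaxed_aligned(a, b, records):
    """Relaxed alignment: both names map to the same Organizational Domain."""
    return org_domain(a, records) == org_domain(b, records)

TODAY = {"example.co.uk": "u", "other.co.uk": "u"}
SINGLE_UK_RECORD = {**TODAY, "uk": "y"}           # registry publishes _dmarc.uk
WITH_PSD_N = {**SINGLE_UK_RECORD, "example.co.uk": "n", "other.co.uk": "n"}

if __name__ == "__main__":
    for label, recs in [("today", TODAY), ("uk psd=y", SINGLE_UK_RECORD),
                        ("uk psd=y + psd=n", WITH_PSD_N)]:
        print(label, org_domain("mail.example.co.uk", recs),
              relaxed_aligned("mail.example.co.uk", "mail.other.co.uk", recs))
```

With the single record at uk, both unrelated registrants resolve to co.uk, which has no DMARC record of its own, and they align with each other until each publishes psd=n.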
