Dnia 16.06.2023 o godz. 09:31:58 Todd Herr via mailop pisze: > Yes, the DMARC protocol does describe the search for the organizational > domain for the RFC5322.From domain in an email message. > > It doesn't rely on the "_domainkey" hostnames (that's DKIM), but it does > currently rely on the Public Suffix List to determine the organizational > domain in cases where there is no DMARC policy record published for the > RFC5322.From domain.
Well, in reality it doesn't use PSL. When my issues with deliverability to Google began a few years ago, I had no DMARC record on my domain rafa.eu.org. It has been so since the beginning of the domain and Gmail only used its "best guess" rule to indicate SPF pass (as SPF record was not present as well). At some time I noticed that Gmail started to indicate DMARC failure. I checked and found out that the admins of parent eu.org domain put a DMARC record on it, which caused emails from my domain rafa.eu.org (not from the parent eu.org) to fail DMARC check. But... eu.org is on the PSL! So, if DMARC check did actually use the PSL to determine the organizational domain, it would have determined that rafa.eu.org *is* the organizational domain itself and it shouldn't check anything above it. It wasn't the case, however. So at least one (and important one, given the size of this mail service) implementation of DMARC does not use the PSL. -- Regards, Jaroslaw Rafa [email protected] -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
