Is there any reason to lead with don’t worry about the tag but there is one
critical use case. I think a more declarative statement in favor of the tag for
those who will be stressed and skimming. Sure they might add a psd where it’s
not needed but that’s better than not know the important part: the exception.
So the strong statement should be the lead and the exception, btw, only really
need it when… comes next. That would lead to some extraneous tags but less
likely missing when it counts, rare.
> On Mar 10, 2024, at 12:14 PM, Douglas Foster
> <dougfoster.emailstanda...@gmail.com> wrote:
>
>
> Both of these statements seem unnecessarily weak, bordering on apologetic.
>
> 5.3.General Record Format
> PSD ("n")
> ."... There is no need to put psd=n in a DMARC record, except in the very
> unusual case of a parent PSD publishing a DMARC record without the requisite
> psd=y tag."
>
> 11.8 Determination of the Organizational Domain For Relaxed Alignment
> "For cases where strict alignment is not appropriate, this issue can be
> mitigated by periodically checking the DMARC records, if any, of PSDs above
> the organization's domains in the DNS tree and (for legacy [RFC7489] checking
> that appropriate PSL entries remain present). If a PSD domain publishes a
> DMARC record without the appropriate psd=y tag, organizational domain owners
> can add psd=n to their organizational domain's DMARC record so that the PSD
> record will not be incorrectly evaluated to be the organizational domain."
>
> I suggest that the second sentence of 5.3 should read:
> "While the tree walk is designed to be upward-compatible with existing
> policies that do not provide a psd tag, use of psd=n is RECOMMENDED as it
> reduces evaluator processing effort, reduces load on the DNS, and increases
> confidence in the evaluation results. Use of psd=n is REQUIRED if a parent
> domain has a DMARC policy without a psd tag."
>
> Given the number of private registries that have embraced DMARC for PSDs
> prior to publication of DMARCbis, it is difficult to even justify the
> assumption that an unflagged PSD will be "very unusual"
> Similarly, 11.8 could more usefully read:
> "For cases where strict alignment is not appropriate, this issue can be fully
> mitigated by publishing a psd=n tag on the organizational domain."
>
> Why would anyone "periodically check" for a problem, when the risk can be
> completely eliminated in advance by taking a simple preventative measure?
>
> Doug Foster
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
