On 11/12/20 10:30 AM, John Levine wrote: > In article > <CAMSGcLCOUG_a13kwgU==HdpHG+ZpMO5caO2tXKqk3TH=n7-...@mail.gmail.com> you > write: >> As another case, would people be surprised that email for the medical >> center cumc.columbia.edu is a separate system managed by a separate IT >> group from columbia.edu, and that any authentication for one should not be >> applied to the other? I don't think this is unique in large decentralized >> universities. The real email world is a complicated place. > > Good point, and those aren't boundaries that the PSL et al will show. > On the other hand, if you don't want your nominal parent organization > stealing your reports, you can fix that by publishing your own dmarc > record regardless of how we find the org domain.
Assuming this is obvious - it's also a challenge for sp. It would be nice to get to the point that we could publish more than sp=none at our organizational domain. Without tree walking, or some other ability to define sp for 3rd-level domains (such as the one that is the parent of our high throughput compute cluster of 4th level domain named machines that send email - shocker, I know), we'll never achieve any meaningful org-level sp due to the complexity of our organization. If tree walking is a thing that comes to fruition, what does it mean for a domain to be an organizational domain (in reference to the idea that the DMARC spec will just point to another doc to determine the org domain)? Aren't all parent domains org domains of their children? Or is there something special about the "top" org domain that I'm not understanding? Jesse UW-Madison _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc