On 11/13/2020 6:46 AM, Joseph Brennan wrote:
The simple solution is for cumc.columbia.edu <http://cumc.columbia.edu>to publish its own record. Done.Michael HammerI don't think I have the right to force the owner of another domain to publish dmarc. The owner of the other domain may want to allow users in their domain to contribute to lists and groups without having their messages rejected, or mangled by well-intentioned workarounds. This is not simple. This is a real-world case with the domains ending columbia.edu <http://columbia.edu>.
I'm not sure how 'forcing' is involved here, but let's make sure we have the same foundation for discussion:
A domain name falls under an administrative authority. Names above or below this domain name might fall under the same, or a different, authority.
An administrative authority has the responsibility for setting policies for the domains over which it has authority.
The discussion, here, concerns finding a domain that is the 'top' of an administrative authority hierarchy, in order to discern a possible, default dmarc record.
While there has sometimes been discussion about whether that default in fact can override a specific domain's DMARC record's attributes, I believe the accepted view is that it is applied only in the absence of a specific domain's dmarc record, rather than being applied to selectively modify one.
An administrative authority might set a strict default, such as d=reject. Any subordinate domain, within that authority, can override this by merely publishing its own record with a different set of parameters, such as d=none.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
