On 11/13/2020 6:46 AM, Joseph Brennan wrote:
The simple solution is for cumc.columbia.edu
<http://cumc.columbia.edu>to publish its own record. Done.
Michael Hammer
I don't think I have the right to force the owner of another domain to
publish dmarc. The owner of the other domain may want to allow users in
their domain to contribute to lists and groups without having their
messages rejected, or mangled by well-intentioned workarounds. This is
not simple. This is a real-world case with the domains ending
columbia.edu <http://columbia.edu>.
I'm not sure how 'forcing' is involved here, but let's make sure we have
the same foundation for discussion:
A domain name falls under an administrative authority. Names above or
below this domain name might fall under the same, or a different, authority.
An administrative authority has the responsibility for setting policies
for the domains over which it has authority.
The discussion, here, concerns finding a domain that is the 'top' of an
administrative authority hierarchy, in order to discern a possible,
default dmarc record.
While there has sometimes been discussion about whether that default in
fact can override a specific domain's DMARC record's attributes, I
believe the accepted view is that it is applied only in the absence of a
specific domain's dmarc record, rather than being applied to selectively
modify one.
An administrative authority might set a strict default, such as
d=reject. Any subordinate domain, within that authority, can override
this by merely publishing its own record with a different set of
parameters, such as d=none.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc