On Tue, Nov 24, 2020 at 10:15 AM Dave Crocker <dcroc...@gmail.com> wrote:
> On 11/24/2020 7:00 AM, Joseph Brennan wrote: > > I will ask why the recipient system should look up anything but the > > dmarc record for the specific domain in the Header From. > > > Hmmm. Unless I've missed it, the DMARC spec does not explain the reason > for needing the Organizational Domain. > > There are two reasons (at least) for needing the Organizational Domain, and they are discussed in RFC 7489: 1. DMARC also allows for the explicit or implicit expression of policy for sub-domains at the Organizational Domain level. This matters for those times when _dmarc.RFC5322.From.domain is non-existent and RFC5322.From.domain is a sub-domain of the Organizational Domain. 2. The default mode for authenticated identifier alignment, relaxed, requires only that the Organizational Domains for both identifiers are the same, and so the Organizational Domain must be known in order for relaxed alignment to be ascertained. What is perhaps missing from RFC 7489 is the reason that the authors chose to make these two items part of the specification. -- *Todd Herr* | Sr. Technical Program Manager *e:* todd.h...@valimail.com *p:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc