I've been thinking about options for how to determine if message identifiers 
are aligned.  Based on recent feedback, I've discarded mfrom/d= domain equals 
or is a subdomain of from domain as a feasible idea.  Here's what I'm left 
with:

1.  No change.  For relaxed alignment, as long as there is a common org 
domain, it is aligned.  This depends on the PSL being complete and correct and 
it's known to be neither, but it's not clear how much that matters in 
practice.

2.  Still use common org domain based on PSL, but exclude the private names 
section of the PSL.  This would address one known source of error and should 
be largely backward compatible.  It would require updates to only query part 
of the PSL, since (at least in the libraries I've checked) currently making this 
distinction is not generally supported.

3.  Common parent domain with DMARC policy.  For cases like those recently 
discussed where from is a subdomain of the d= domain, the d= domain still has 
a DMARC policy, right?  Assuming that's correct (and it is an assumption that 
should be validated, not one we should just make) then, except where PSDs are 
publishing a DMARC record, this will get the same result.  For all of the 
current PSD records, gov, gov.uk, police.uk, and mil, these are private use 
PSDs where cross-domain forgery among registrants isn't a concern.  Similarly, 
controlled public use PSDs such as bank and insurance shouldn't have this 
problem either.

4.  Common parent domain not marked PSD.  We could add a new tag to the DMARC 
records for PSDs to indicate it's a PSD, so its record shouldn't be used for 
alignment.  Getting this added to the literal handful of PSD records that 
exist and specifying it should be used going forward is doable.  Implementing 
this approach should produce identical (modulo PSL errors and omissions) 
results to the RFC 7489 approach.  It seems like we've decided to trust that 
ICANN and ccTLD operators will effectively manage publication of PSL records 
for policy discovery, so this leverages that trust to simplify alignment while 
maintaining backward compatibility.

I like the even numbered ones best.

Scott K


_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
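
The four options in the message above, side by side, as an added example (not code from the original message or from any DMARC library). The PSL entries and DMARC records are constructed, wildcard and exception PSL rules are ignored, and `psd=y` is a hypothetical name for the tag that option 4 proposes.

```python
# Constructed data: a tiny stand-in for the PSL and for DNS, so this runs offline.
PSL_ICANN = {"com", "uk", "gov.uk"}
PSL_PRIVATE = {"hosting.example.com"}   # constructed private-section entry
# Constructed _dmarc TXT records; "psd=y" is a hypothetical tag name (option 4).
DMARC = {
    "gov.uk": "v=DMARC1; p=reject; psd=y",
    "dept.gov.uk": "v=DMARC1; p=reject",
    "example.com": "v=DMARC1; p=none",
}

def parents(domain):
    """Return the domain and each parent, longest first: a.b.c -> a.b.c, b.c, c."""
    labels = domain.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(len(labels))]

def org_domain(domain, suffixes):
    """Organizational domain: longest matching public suffix plus one label."""
    chain = parents(domain)
    for i, cand in enumerate(chain):
        if cand in suffixes:
            return chain[i - 1] if i else None  # a bare suffix has no org domain
    return None

def aligned_psl(a, b, include_private=True):
    """Option 1 (full PSL) and option 2 (include_private=False)."""
    suffixes = PSL_ICANN | (PSL_PRIVATE if include_private else set())
    oa, ob = org_domain(a, suffixes), org_domain(b, suffixes)
    return oa is not None and oa == ob

def aligned_parent(a, b, skip_psd=False):
    """Option 3, or option 4 with skip_psd=True: a shared parent publishing DMARC."""
    for cand in parents(a):
        if cand in parents(b) and cand in DMARC:
            tags = [t.strip() for t in DMARC[cand].split(";")]
            if skip_psd and "psd=y" in tags:
                continue  # a record marked as PSD is not used for alignment
            return True
    return False
```

With this data, options 3 and 4 differ only for siblings under `gov.uk`, the PSD that publishes a record, and options 1 and 2 differ only under the private-section suffix.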
