I've been thinking about options for how to determine if message identifiers are aligned. Based on recent feedback, I've discarded mfrom/d= domain equals or is a subdomain of from domain as a feasible idea. Here's what I'm left with:

1. No change. For relaxed alignment, as long as there is a common org domain, it is aligned. This depends on the PSL being complete and correct and it's known to be neither, but it's not clear how much that matters in practice.

2. Still use common org domain based on PSL, but exclude the private names section of the PSL. This would address one known source of error and should be largely backward compatible. It would require updates to only query part of the PSL, since (at least in the libraries I've checked) making this distinction is currently not generally supported.

3. Common parent domain with DMARC policy. For cases like those recently discussed where from is a subdomain of the d= domain, the d= domain still has a DMARC policy, right? Assuming that's correct (and it is an assumption that should be validated, not one we should just make) then, except where PSDs are publishing a DMARC record, this will get the same result. For all of the current PSD records, gov, gov.uk, police.uk, and mil, these are private use PSDs where cross-domain forgery among registrants isn't a concern. Similarly, controlled public use PSDs such as bank and insurance shouldn't have this problem either.

4. Common parent domain not marked PSD. We could add a new tag to the DMARC records for PSDs to indicate it's a PSD, so its record shouldn't be used for alignment. Getting this added to the literal handful of PSD records that exist and specifying it should be used going forward is doable. Implementing this approach should produce identical (modulo PSL errors and omissions) results to the RFC 7489 approach. It seems like we've decided to trust that ICANN and ccTLD operators will effectively manage publication of PSL records for policy discovery, so this leverages that trust to simplify alignment while maintaining backward compatibility.

I like the even numbered ones best.

Scott K
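
Added example, not part of the original message or of any DMARC library: a sketch of options 1 and 2, computing the organizational domain from a PSL-format list with and without the private names section and comparing the relaxed alignment result. The list excerpt, the name "hosting.example" and all function names are assumptions made for illustration.

```python
# SAMPLE_PSL is a constructed excerpt in the Public Suffix List file format;
# "hosting.example" is a hypothetical private-section entry.
SAMPLE_PSL = """\
// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
hosting.example
// ===END PRIVATE DOMAINS===
"""

def load_rules(psl_text, include_private=True):
    """Return the suffix rules, optionally skipping the private section (option 2)."""
    rules, in_private = set(), False
    for line in psl_text.splitlines():
        line = line.strip()
        if line.startswith("// ===BEGIN PRIVATE DOMAINS"):
            in_private = True
        elif line.startswith("// ===END PRIVATE DOMAINS"):
            in_private = False
        if not line or line.startswith("//"):
            continue  # blank lines and comments carry no rule
        if in_private and not include_private:
            continue
        rules.add(line.split()[0].lower())
    return rules

def org_domain(domain, rules):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    suffix_len = 1  # default rule "*": the TLD alone is a public suffix
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        wildcard = ".".join(["*"] + labels[i + 1:])
        if "!" + candidate in rules:  # an exception rule overrides all others
            suffix_len = len(labels) - i - 1
            break
        if candidate in rules or wildcard in rules:
            suffix_len = max(suffix_len, len(labels) - i)
    if len(labels) <= suffix_len:
        return None  # the name is itself a public suffix
    return ".".join(labels[-(suffix_len + 1):])

def relaxed_aligned(from_domain, auth_domain, rules):
    """Relaxed alignment: From domain and mfrom/d= domain share an org domain."""
    a, b = org_domain(from_domain, rules), org_domain(auth_domain, rules)
    return a is not None and a == b
```

With the full list, a.hosting.example and b.hosting.example have different organizational domains and do not align; with the private section excluded, both reduce to hosting.example and do align, while names under com and co.uk give the same result either way.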