It appears that Alessandro Vesely <ves...@tana.it> said: >On Wed 19/Jan/2022 19:38:15 +0100 John Levine wrote: >> What I always intended with the tree walk is that you walk up the tree and >> if you find >> a DMARC record that isn't a PSD, that's your org domain. To see if two >> names are in relaxed >> alignment, do a tree walk for both and if they end at the same place, >> they're aligned. As >> a special case albeit a very common one, if one name is a descendant of the >> other, and there >> are no DMARC records in between, they're aligned. > >Why would a DMARC record in between invalidate the alignment?
For the same reason the PSL has a lot of two- and three-label domains. >DKIM-Signature: d=a.b.example.com [...] >From: j...@c.example.com > >_dmarc.example.com IN TXT "v=DMARC1; p=reject;" >_dmarc.b.example.com. IN TXT "v=DMARC1; p=none; inbetween=y" >Is that aligned? No, the org domain for c.example.com is example.com, while the org domain for a.b.example.com is b.example.com. I suppose we could try and invent rules that say only records with the PSD flag prevent alignment, but then the description of the tree walk becomes much more complicated and the tree walk gets longer and slower and I don't see what actual problem that would solve. In your model, when doing a tree walk from a.b.example.com, how do you know not to stop at b.example.com? Do you always do five levels and use the one highest up the tree or what? R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
