It appears that Todd Herr  <todd.h...@valimail.com> said:
>The process for a DNS Tree Walk will always start at the point in the DNS
>hierarchy that matches the domain in the RFC5322.From header of the
>message, and [will always end no later than the Public Suffix Domain that
>terminates the RFC5322.From domain. ]

I expect that in about 98% of cases, the tree walk will not find a PSD record,
so that's not true.

I'd just combine the sentences to "and ends five labels above the From domain
if no DMARC records have been found."

>The generic steps for a DNS Tree Walk are as follows:
><https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-3>
>
>   1.
>
>   Query the DNS for a DMARC TXT record at the DNS domain matching the one
>   found in the RFC5322.From domain in the message. A possibly empty set of
>   records is returned.
>   
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.1.1>
>   2.
>
>   Records that do not start with a "v=" tag that identifies the current
>   version of DMARC are discarded.
>   
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.2.1>
>   3.
>
>   If the set is now empty, or the set contains one valid DMARC record that
>   does not contain the information sought, then determine the target for
>   additional queries, using steps 4 through 8 below.
>   4.
>
>   Break the subject DNS domain name into a set of "n" ordered labels.
>   Number these labels from right to left; e.g., for "a.mail.example.com",
>   "com" would be label 1, "example" would be label 2, "mail.example.com"
>   would be label 3, and so forth.
>   
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.4.1>
>   5.
>
>   Count the number of labels found in the subject DNS domain. Let that
>   number be "x". If x < 5, remove the left-most (highest-numbered) label from
>   the subject domain. If x >= 5, remove the left-most (highest-numbered)
>   labels from the subject domain until 4 labels remain. The resulting DNS
>   domain name is the new target for subsequent lookups.
>   
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.5.1>

This says that if the name is more than six labels deep, you immediately jump
to the five label super-parent to start the tree walk.  What I originally
intended was to walk five labels and then stop, e.g.

h.g.f.e.d.c.b.a
g.f.e.d.c.b.a
f.e.d.c.b.a
e.d.c.b.a
d.c.b.a

I don't feel strongly either way and since there are close to zero valid
domain names with more than six labels, it makes little practical difference,
but we need to be sure we agree which one we mean.

>   6.
>
>   Query the DNS for a DMARC TXT record at the DNS domain matching this new
>   target in place of the RFC5322.From domain in the message. A possibly empty
>   set of records is returned.
>   
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.6.1>
>   7.
>
>   Records that do not start with a "v=" tag that identifies the current
>   version of DMARC are discarded.
>   
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.7.1>
>   8.
>
>   If the set is now empty, or the set contains one valid DMARC record that
>   does not contain the information sought, then determine the target for
>   additional queries by removing a single label from the target domain as
>   described in step 5 and repeating steps 6 and 7 until there are no more
>   labels remaining or a valid DMARC record containing the information sought
>   has been retrieved.
>   
> <https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-05.html#section-4.5-4.8.1>
>
>For determining the Organizational Domain used for determining relaxed
>alignment, the same process is followed, except in the reverse order.

I don't see the point.  The domain this process just found is the org domain,
and walking down can be misleading, e.g. consider www.abc.uk.com.

It happens that uk.com is a sort-of-registry so the org domain you want is
abc.uk.com but a walk down is likely to stop at uk.com since it has a DMARC
record.

R's,
John

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
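
Added example, not part of the original message or of the draft: the two query orders discussed above (steps 4-8 as quoted, and the walk-five-names-then-stop reading from the h.g.f.e.d.c.b.a example), run against the same zone. It assumes the first valid record found is "the information sought"; the function names and the zone contents are constructed for illustration.

```python
# Added illustration; ZONE is constructed sample data, not real DNS.

def labels(domain):
    return domain.rstrip(".").lower().split(".")

def targets_draft05(from_domain):
    """Query order per steps 1-8 as quoted: the From domain, then a jump to
    at most 4 labels, then one label removed at a time until none remain."""
    lab = labels(from_domain)
    out = [".".join(lab)]
    lab = lab[1:] if len(lab) < 5 else lab[-4:]   # step 5
    while lab:                                    # steps 6-8
        out.append(".".join(lab))
        lab = lab[1:]
    return out

def targets_five_step(from_domain, max_queries=5):
    """Query order per the reply's example: the From domain and its parents,
    one label at a time, stopping after five names (assumed limit)."""
    lab = labels(from_domain)
    return [".".join(lab[i:]) for i in range(min(max_queries, len(lab)))]

def is_dmarc(txt):
    # Steps 2 and 7: discard records that do not start with the v= tag.
    first = txt.split(";", 1)[0]
    name, _, value = first.partition("=")
    return name.strip() == "v" and value.strip() == "DMARC1"

def walk(targets, lookup):
    """Return (domain, record, queries_made) for the first target that has
    a valid DMARC record, or (None, None, queries_made) if none does."""
    for n, domain in enumerate(targets, 1):
        valid = [r for r in lookup("_dmarc." + domain) if is_dmarc(r)]
        if valid:
            return domain, valid[0], n
    return None, None, len(targets)

ZONE = {  # constructed TXT records
    "_dmarc.f.e.d.c.b.a": ["v=DMARC1; p=reject"],
    "_dmarc.b.a": ["v=spf1 -all", "v=DMARC1; p=none"],
}

def lookup(name):
    return ZONE.get(name, [])

if __name__ == "__main__":
    for fn in (targets_draft05, targets_five_step):
        t = fn("h.g.f.e.d.c.b.a")
        print(fn.__name__, t, walk(t, lookup))
```

With this zone the two orders return different policies for the same From domain, which is the case where the choice between them matters.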