On Thu, Jul 28, 2022 at 10:49 AM Murray S. Kucherawy <superu...@gmail.com> wrote:
> A couple of tweaks to suggest, edited in-place: > > On Thu, Jul 28, 2022 at 7:24 AM Scott Kitterman <skl...@kitterman.com> > wrote: > >> For Organizational Domain discovery, it will be necessary to perform one >> or >> more DNS Tree Walks (#dns-tree-walk) to determine if any two domains are >> in >> alignment. This means that each DNS Tree Walk to discover an >> Organizational >> Domain will start at one of the following locations: >> >> > * The domain in the RFC5322.From header field of the message. >> > * The RFC5321.MailFrom domain if there is an SPF pass result for the >> > message. >> > * Any DKIM d= domain for which there is a DKIM pass result on the >> message. >> >> > To determine the Organizational Domain for any of these domains, >> perform the >> > DNS Tree Walk as needed the selected domain. For each Tree Walk that >> > retrieved valid DMARC records, select the Organizational Domain from the >> > domains for which valid DMARC records were retrieved from the longest >> to the >> > shortest: >> > > I just corrected a couple of typos, changed "header" to "header field", > and accounted for the fact that a message might have multiple signatures in > varying result combinations. > > It's not clear to me from the thread whether or not the Note parts (see below) should be kept, and if so where they should be located (end of section 4.8?) Note: There is no need to perform Tree Walk searches for Organizational Domains under any of the following conditions: <#section-4.8-3> - The RFC5322.From domain and the RFC5321.MailFrom domain (if SPF authenticated), and/or the DKIM d= domain (if present and authenticated), are all the same and that domain has a DMARC record. In this case, this common domain is treated as the Organizational Domain. <#section-4.8-4.1> - No applicable DMARC policy is discovered for the RFC5322.From domain during the tree walk for that domain. In this case, the DMARC mechanism does not apply to the message in question. <#section-4.8-4.2> - The record for the RFC5322.From domain indicates strict alignment. In this case, a simple string compare between the RFC5322.From domain and the RFC5321.MailFrom domain (if SPF authenticated), and/or the DKIM d= domain (if present and authenticated) is all that is required. -- *Todd Herr * | Technical Director, Standards and Ecosystem *e:* todd.h...@valimail.com *m:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
