The second principle in my discussion about NP is that an unregistered
organization is by definition an unacceptable impersonation. When
organization existence has not been demonstrated by discovery of a DMARC
policy (or SPF policy or DKIM key), then it should be explicitly tested for
existence and blocked on failure.

All forms of acceptable impersonation are on behalf of a real account in a
real domain, derived from a prior relationship with that entity.
Unregistered domain names are an attack on the recipient, on the
registrar, on the organizations that have registered properly, and on the
not-yet-registered organization that may want to use that name in
the future.

The value of the PSD=Y with NP clause is to provide reporting of
violations, and to bring this issue to the attention of all evaluators.
But evaluators should not require a NP clause to detect and block
violations. "FakeYouOut.com" is just as bad as "FakeYouOut.bank".

Doug

On Thu, Aug 4, 2022 at 9:58 PM Murray S. Kucherawy <superu...@gmail.com>
wrote:

> On Thu, Aug 4, 2022 at 10:56 AM Todd Herr <todd.herr=
> 40valimail....@dmarc.ietf.org> wrote:
>
>> I'm struggling to understand what you're trying to say here.
>>
>> Below is section 4.7 from
>> https://www.ietf.org/archive/id/draft-ietf-dmarc-dmarcbis-15.txt. Can
>> you please highlight the specific text you're taking issue with and help me
>> understand how it maps to what you've written above?
>> [...]
>>
>
> Or in the alternative, maybe an example of the concern in either a real or
> made-up DNS tree might illustrate what's going on here.
>
> -MSK
>
> _______________________________________________
> dmarc mailing list
> dmarc@ietf.org
> https://www.ietf.org/mailman/listinfo/dmarc
>
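
The evaluation order described at the top of this message, run against a made-up DNS tree, as an added example that is not code from the thread or from the DMARC drafts. It assumes "tested for existence" means the non-existent-domain test of RFC 9091 (NXDOMAIN or NODATA for A, AAAA and MX); the zone contents, function names and result strings are constructed for illustration.

```python
# Constructed DNS tree (not real data): owner name -> {rrtype: [rdata]}.
ZONE = {
    "corp.example": {"MX": ["10 mx.corp.example"], "TXT": ["v=spf1 mx -all"]},
    "_dmarc.corp.example": {"TXT": ["v=DMARC1; p=reject"]},
    "mx.corp.example": {"A": ["192.0.2.10"]},
    "web.plain.example": {"A": ["192.0.2.20"]},        # exists, no mail policy
    "txtonly.example": {"TXT": ["constructed note"]},  # NODATA for A/AAAA/MX
}

def lookup(name, rrtype):
    """Return (rcode, rdata) the way a stub resolver would report it."""
    name = name.lower().rstrip(".")
    if name in ZONE:
        return "NOERROR", ZONE[name].get(rrtype, [])  # empty list = NODATA
    # An empty non-terminal (a name with descendants only) also answers NODATA.
    if any(owner.endswith("." + name) for owner in ZONE):
        return "NOERROR", []
    return "NXDOMAIN", []

def has_txt(name, prefix):
    """Simplified record match: any TXT string starting with the version tag."""
    return any(r.lower().startswith(prefix) for r in lookup(name, "TXT")[1])

def exists(domain):
    """Assumed existence test: data for A, AAAA or MX. NXDOMAIN or NODATA
    for all three means the domain is treated as non-existent."""
    return any(lookup(domain, t)[1] for t in ("A", "AAAA", "MX"))

def evaluate(from_domain, dkim_key_found=False):
    """dkim_key_found (hypothetical input): a key was retrieved for a
    signature whose d= domain is from_domain."""
    if has_txt("_dmarc." + from_domain, "v=dmarc1"):
        return "demonstrated:dmarc"
    if has_txt(from_domain, "v=spf1"):
        return "demonstrated:spf"
    if dkim_key_found:
        return "demonstrated:dkim"
    # Nothing published: test explicitly and block on failure.
    return "exists" if exists(from_domain) else "block:non-existent"

if __name__ == "__main__":
    for d in ("corp.example", "web.plain.example", "txtonly.example",
              "plain.example", "unregistered.example"):
        print(f"{d:24} {evaluate(d)}")
```

Note that `plain.example` and `txtonly.example` answer NOERROR rather than NXDOMAIN and still fail the test, so an evaluator that only checks for NXDOMAIN would let both through.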