On Fri 24/Feb/2023 21:21:15 +0100 Brotman, Alex wrote:
> While discussing this with someone at the conference yesterday, we thought
> perhaps we could introduce something of a referral.
>
> Currently:
> _dmarc.ret.bmcc.cuny.edu NULL
> _dmarc.bmcc.cuny.edu "v=DMARC1; p=quarantine; fo=1;
> rua=mailto:dmarc_...@emaildefense.proofpoint.com;
> ruf=mailto:dmarc_...@emaildefense.proofpoint.com";
> _dmarc.cuny.edu
> "v=DMARC1;p=none;rua=mailto:dmarc_...@emaildefense.proofpoint.com,mailto:post.mas...@cuny.edu;ruf=mailto:dmarc_...@emaildefense.proofpoint.com,mailto:post.mas...@cuny.edu;fo=1";
>
> Proposed:
> _dmarc.bmcc.cuny.edu "v=DMARC1;sp=refer:cuny.edu; p=quarantine; fo=1;
> rua=mailto:dmarc_...@emaildefense.proofpoint.com;
> ruf=mailto:dmarc_...@emaildefense.proofpoint.com";
>
> Adding the "sp=refer:cuny.edu" would allow the existing policy to be used for
> undeclared subdomains under the third-level domain.  This could be useful in the
> situation where an OrgDomain would like to still maintain some control over policy for
> the undeclared domains.


I like the ability of allowing a subdomain to publish its own policy without affecting further subdomains. Indeed, bmcc.cuny.edu features a list of NSes different from cuny.edu. Now, ret.bmcc.cuny.edu has no NS record, but has an MX different from bmcc. Clearly its mail management is independent.

OTOH, we cannot force bmcc to monitor the p= and sp= tags of their parent domain and change their own sp= tag accordingly.

However, I dislike refer:cuny.edu.  What if they published refer:outlook.com?

Rather I'd propose sp=inherit. A receiver has to navigate to cuny.edu anyway if it needs to establish the organizational domain, so it can retrieve the policy as well.


Best
Ale
--

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
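
The three behaviours discussed in this message (current records, `sp=refer:<domain>`, `sp=inherit`), as an added sketch that is not part of the original email or of any DMARC specification. The function names, the simplified zone data and the fallback to the publishing domain's `p=` when a referral is not followed are assumptions made for illustration.

```python
# Zone data constructed from the records quoted in the thread (rua/ruf omitted).
def make_zone(bmcc_sp=None):
    sp = f"sp={bmcc_sp}; " if bmcc_sp else ""
    return {
        "bmcc.cuny.edu": f"v=DMARC1; {sp}p=quarantine; fo=1",
        "cuny.edu": "v=DMARC1;p=none;fo=1",
    }  # ret.bmcc.cuny.edu publishes no record, so it is absent

def parse(record):
    """Split a DMARC record into a lowercase tag -> value dict."""
    pairs = (item.split("=", 1) for item in record.split(";") if "=" in item)
    return {k.strip().lower(): v.strip().lower() for k, v in pairs}

def ancestors(domain):
    """Parents of domain, nearest first, stopping before the bare TLD."""
    labels = domain.lower().rstrip(".").split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels) - 1)]

def effective_sp(owner, zone):
    """Subdomain policy published at owner, following inherit/refer upward."""
    tags = parse(zone[owner])
    sp, p = tags.get("sp", ""), tags.get("p", "none")
    parents = [a for a in ancestors(owner) if a in zone]
    if sp == "inherit":
        # The receiver chooses the parent itself; the record names no domain.
        return effective_sp(parents[0], zone) if parents else p
    if sp.startswith("refer:"):
        # Follow a referral only to an ancestor that publishes a record, so
        # refer:outlook.com cannot hand policy to an unrelated domain.
        # Assumed fallback when the referral is not followed: the owner's p=.
        target = sp[len("refer:"):]
        return effective_sp(target, zone) if target in parents else p
    return sp or p

def subdomain_policy(domain, zone):
    """Policy a receiver applies to a subdomain with no record of its own."""
    for parent in ancestors(domain):
        if parent in zone:
            return effective_sp(parent, zone)
    return "none"
```

Both hypothetical tags only ever move to a strict ancestor, so the resolution terminates even if several levels chain `inherit` or `refer:`.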
