Ale, On Sat, Feb 25, 2023 at 5:29 AM Alessandro Vesely <ves...@tana.it> wrote:
> On Fri 24/Feb/2023 21:21:15 +0100 Brotman, Alex wrote: > > While discussing this with someone at the conference yesterday, we > thought perhaps we could introduce something of a referral. > > > > Currently: > > _dmarc.ret.bmcc.cuny.edu NULL > > _dmarc.bmcc.cuny.edu "v=DMARC1; p=quarantine; fo=1; rua=mailto: > dmarc_...@emaildefense.proofpoint.com; ruf=mailto: > dmarc_...@emaildefense.proofpoint.com" > > _dmarc.cuny.edu "v=DMARC1;p=none;rua=mailto: > dmarc_...@emaildefense.proofpoint.com,mailto:post.mas...@cuny.edu > ;ruf=mailto:dmarc_...@emaildefense.proofpoint.com,mailto: > post.mas...@cuny.edu;fo=1" > > > > Proposed: > > _dmarc.bmcc.cuny.edu "v=DMARC1;sp=refer:cuny.edu; p=quarantine; fo=1; > rua=mailto:dmarc_...@emaildefense.proofpoint.com; ruf=mailto: > dmarc_...@emaildefense.proofpoint.com" > > > > Adding the "sp=refer:cuny.edu" would allow the existing policy to be > used for undeclared subdomains under the third-level domain. This could be > useful in the situation where an OrgDomain would like to still maintain > some control over policy for the undeclared domains. > > > I like the ability of allowing a subdomain to publish its own policy > without > affecting further subdomains. Indeed, bmcc.cuny.edu features a list of > NSes > different from cuny.edu. Now, ret.bmcc.cuny.edu has no NS record, but > has an > MX different from bmcc. Clearly its mail management is independent. > > Are you sure? # dig cuny.edu NS +noall +answer cuny.edu. 3600 IN NS ext-ns1.columbia.edu. cuny.edu. 3600 IN NS ns10.customer.level3.net. cuny.edu. 3600 IN NS ns15.customer.level3.net. cuny.edu. 3600 IN NS acme.ucc.cuny.edu. cuny.edu. 3600 IN NS lavinia.cis.cuny.edu. # dig bmcc.cuny.edu NS +noall +answer bmcc.cuny.edu. 300 IN NS ns10.customer.level3.net. bmcc.cuny.edu. 300 IN NS ext-ns1.columbia.edu. bmcc.cuny.edu. 300 IN NS ns15.customer.level3.net. bmcc.cuny.edu. 300 IN NS acme.ucc.cuny.edu. bmcc.cuny.edu. 300 IN NS lavinia.cis.cuny.edu. they look the same to me tim OTOH, we cannot force bmcc to monitor the p= and sp= tags of their parent > domain and change their own sp= tag accordingly. > > However, I dislike refer:cuny.edu. What if they published refer: > outlook.com? > > Rather I'd propose sp=inherit. A receiver has to navigate to cuny.edu > anyway > if it needs to establish the organizational domain, so it can retrieve the > policy as well. > > > Best > Ale > -- > > > > > > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
