Re: [dmarc-ietf] Treewalk causing changes

Sun, 26 Feb 2023 02:13:36 -0800 

On Sun 26/Feb/2023 00:19:57 +0100 Tim Wicinski wrote:

On Sat, Feb 25, 2023 at 5:29 AM Alessandro Vesely <ves...@tana.it> wrote:

On Fri 24/Feb/2023 21:21:15 +0100 Brotman, Alex wrote:


Currently:
_dmarc.ret.bmcc.cuny.edu NULL
_dmarc.bmcc.cuny.edu "v=DMARC1; p=quarantine; fo=1; rua=mailto: 
dmarc_...@emaildefense.proofpoint.com; ruf=mailto: 
dmarc_...@emaildefense.proofpoint.com"
_dmarc.cuny.edu  "v=DMARC1;p=none;rua=mailto: 
dmarc_...@emaildefense.proofpoint.com,mailto:post.mas...@cuny.edu 
;ruf=mailto:dmarc_...@emaildefense.proofpoint.com,mailto:post.mas...@cuny.edu;fo=1";

Proposed:
_dmarc.bmcc.cuny.edu "v=DMARC1;sp=refer:cuny.edu; p=quarantine; fo=1; 
rua=mailto:dmarc_...@emaildefense.proofpoint.com; ruf=mailto: 
dmarc_...@emaildefense.proofpoint.com"


Adding the "sp=refer:cuny.edu" would allow the existing policy to be 
used for undeclared subdomains under the third-level domain.  This could be 
useful in the situation where an OrgDomain would like to still maintain 
some control over policy for the undeclared domains.



I like the ability of allowing a subdomain to publish its own policy without 
affecting further subdomains.  Indeed, bmcc.cuny.edu features a list of NSes 
different from cuny.edu.  Now, ret.bmcc.cuny.edu has no NS record, but has an 
MX different from bmcc.  Clearly its mail management is independent.



Are you sure?

# dig  cuny.edu NS +noall +answer
cuny.edu. 3600 IN NS ext-ns1.columbia.edu.
cuny.edu. 3600 IN NS ns10.customer.level3.net.
cuny.edu. 3600 IN NS ns15.customer.level3.net.
cuny.edu. 3600 IN NS acme.ucc.cuny.edu.
cuny.edu. 3600 IN NS lavinia.cis.cuny.edu.
#
dig  bmcc.cuny.edu NS +noall +answer
bmcc.cuny.edu. 300 IN NS ns10.customer.level3.net.
bmcc.cuny.edu. 300 IN NS ext-ns1.columbia.edu.
bmcc.cuny.edu. 300 IN NS ns15.customer.level3.net.
bmcc.cuny.edu. 300 IN NS acme.ucc.cuny.edu.
bmcc.cuny.edu. 300 IN NS lavinia.cis.cuny.edu.
they look the same to me



Oops, you're right.  When I queried it I got a very different order ...

Difference in mail management can be inferred from MX:

$ dig +noall +answer cuny.edu mx
cuny.edu.               3600    IN      MX      10 mail-relay.cuny.edu.
$ dig +noall +answer bmcc.cuny.edu mx
bmcc.cuny.edu.          1800    IN      MX      10 
mxb-00029401.gslb.pphosted.com.
bmcc.cuny.edu.          1800    IN      MX      10 
mxa-00029401.gslb.pphosted.com.
$ dig +noall +answer ret.bmcc.cuny.edu mx
ret.bmcc.cuny.edu.      300     IN      MX      10 
ret-bmcc-cuny-edu.mail.protection.outlook.com.


Best
Ale
--







_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc



























					Reply via email to