It appears that Mark Alley <mark.al...@tekmarc.com> said: >-=-=-=-=-=- > >This question probably has an obvious answer, but asking for >clarification on this - Policy difference aside, in this example >provided, does this mean with the Treewalk behavior, cuny.edu's DMARC >feedback addresses that differ from the subdomain's would stop getting >the sub's DMARC reports?
Yes, that's a feature. If you want your subdomains to send reports to some particular place, tell them to do that. If you don't, that's OK too. Any domain can put a "rua" tag into its DMARC record so this isn't really anything new. R's, John >On 2/23/2023 6:13 PM, John R. Levine wrote: >>> I haven’t done extensive research but here is a live example where >>> treewalk will cause a result change. >>> From: is in the domain Ret.bmcc.cuny.edu which has no DMARC record. >>> _dmarc.bmcc.cuny.edu. 300 IN TXT "v=DMARC1; p=quarantine; >>> fo=1; >>> rua=mailto:dmarc_...@emaildefense.proofpoint.com; >>> ruf=mailto:dmarc_...@emaildefense.proofpoint.com"; >>> >>> _dmarc.cuny.edu. 3325 IN TXT "v=DMARC1;" "p=none;" >>> "rua=mailto:dmarc_...@emaildefense.proofpoint.com,mailto:post.mas...@cuny.edu;"; >>> >>> >>> "ruf=mailto:dmarc_...@emaildefense.proofpoint.com,mailto:post.mas...@cuny.edu;"; >>> >>> "fo=1" >> >> Good catch, although in this case I think the most likely result is >> that the people at bmcc.cuny.edu will say "who set up >> Ret.bmcc.cuny.edu?" I see that bmcc.cuny.edu and cuny.edu both use >> Proofpoint in front of O365, while Ret.bmcc.cuny.edu goes directly to >> O365. There's some other strangeness; www.cuny.edu is a CNAME for >> web.cuny.edu which has an MX to mail-relay.cuny.edu. which has 7 A >> records pointing to machines running sendmail. >> >> It might be interesting to set up a web page where you can put in a >> mail domain and it'll tell you whether its treatment will change with >> the tree walk. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
