On 30 Mar 2024, at 17:22, John R. Levine wrote:
>>>> Entities other than domains: Public suffixes aren’t (necessarily) domains, >>> >>> Of course they're domains. What else could they be? The things that are >>> out of scope are IP addresses, ASNs, magic tokens in the messages, stuff >>> like that. >> >> I’m probably being pedantic here: is “gov” a domain? > > Let's check: > > $ dig gov soa > > ; <<>> DiG 9.10.6 <<>> gov soa > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63612 > ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1232 > ;; QUESTION SECTION: > ;gov. IN SOA > > ;; ANSWER SECTION: > gov. 300 IN SOA a.ns.gov. dns.cloudflare.com. > 1711843800 3600 900 604800 300 > > Yup, it's a domain. I stand corrected on that. >> Mine wasn’t a good example. There are a few public suffixes that have more >> than 5 labels. Presumably that means there are registered domains that are 6 >> levels down, and my reading of the tree walk is that a policy published >> there would never be seen. But who knows if they’re actually sending email. > > There aren't any in the PSL. That's where the limit of 5 came from. We've > had people say there are deeper ones; if there are it wouldn't be hard to > bump up the limit from 5 to whatever. Might be worth bumping up. Examples: execute-api.cn-north-1.amazonaws.com.cn cn-northwest-1.eb.amazonaws.com.cn (Amazon seems to have most of the really long ones) -Jim _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc