On March 31, 2024 3:20:41 PM UTC, Jim Fenton <fen...@bluepopcorn.net> wrote: > > >On 30 Mar 2024, at 17:22, John R. Levine wrote: > >>>>> Entities other than domains: Public suffixes aren’t (necessarily) domains, >>>> >>>> Of course they're domains. What else could they be? The things that are >>>> out of scope are IP addresses, ASNs, magic tokens in the messages, stuff >>>> like that. >>> >>> I’m probably being pedantic here: is “gov” a domain? >> >> Let's check: >> >> $ dig gov soa >> >> ; <<>> DiG 9.10.6 <<>> gov soa >> ;; global options: +cmd >> ;; Got answer: >> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 63612 >> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 >> >> ;; OPT PSEUDOSECTION: >> ; EDNS: version: 0, flags:; udp: 1232 >> ;; QUESTION SECTION: >> ;gov. IN SOA >> >> ;; ANSWER SECTION: >> gov. 300 IN SOA a.ns.gov. >> dns.cloudflare.com. 1711843800 3600 900 604800 300 >> >> Yup, it's a domain. > >I stand corrected on that. > >>> Mine wasn’t a good example. There are a few public suffixes that have more >>> than 5 labels. Presumably that means there are registered domains that are >>> 6 levels down, and my reading of the tree walk is that a policy published >>> there would never be seen. But who knows if they’re actually sending email. >> >> There aren't any in the PSL. That's where the limit of 5 came from. We've >> had people say there are deeper ones; if there are it wouldn't be hard to >> bump up the limit from 5 to whatever. > >Might be worth bumping up. Examples: > >execute-api.cn-north-1.amazonaws.com.cn >cn-northwest-1.eb.amazonaws.com.cn > >(Amazon seems to have most of the really long ones)
My recollection is that we concluded these types of PSL entries weren't relevant for DMARC. In any case, since Amazon controls everything below .com.cn in these examples, if they were so inclined, they can put a psd=y record wherever they need to. This is not a good example for raising the threshold. If anything, it's an example of why getting away from the PSL is a good idea. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
