Hi all,
there is an inconsistency in the org domain definition. The beginning of the
algorithm states:

   For each Tree Walk that retrieved valid DMARC Policy Records, select
   the Organizational Domain from the domains for which valid DMARC
   Policy Records were retrieved from the longest to the shortest:

That sentence implies that a record was found for the org domain. However,
step 2 says:

   2. If a valid DMARC Policy Record, other than the one for the domain
      where the tree walk started, contains the psd= tag set to 'y'
      (psd=y), the Organizational Domain is the domain one label below
      this one in the DNS hierarchy, and the selection process is
      complete.

The domain one label below PSD doesn't necessarily have a DMARC record, though.
We can either relax the requirement that the org domain has a record, or define
the org domain to be the longest record below the PSD /having a record/. I'd
opt for the latter disjunct.

For example, consider a global bank having From: identifiers such as
ny.us.glob.bank, paris.fr.glob.bank and the like. _dmarc.bank has psd=y. What
if glob.bank publishes no record while both us.glob.bank and fr.glob.bank do?
Shall the policy be that of the PSD? Are the two From: IDs above aligned?

Best
Ale
--
_______________________________________________
dmarc mailing list -- dmarc@ietf.org
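
Added example (not part of the original post or of the draft): a Python sketch that runs the quoted step 2 and the post's proposed alternative over a constructed zone for the bank scenario. The simplified tree walk, the p= values and all function names are assumptions, and "longest" is taken at the post's word.

```python
# Constructed zone for the scenario in the post; the p= values are made up.
RECORDS = {
    "_dmarc.bank": "v=DMARC1; p=reject; psd=y",
    "_dmarc.us.glob.bank": "v=DMARC1; p=quarantine",
    "_dmarc.fr.glob.bank": "v=DMARC1; p=quarantine",
}

def parse_tags(txt):
    """Return the tag dict of a DMARC record, or None if it is not DMARC1."""
    pairs = (part.split("=", 1) for part in txt.split(";") if "=" in part)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    return tags if tags.get("v") == "DMARC1" else None

def tree_walk(start, records=RECORDS):
    """Simplified walk (assumption: every parent is queried), longest first."""
    labels = start.lower().rstrip(".").split(".")
    found = []
    for i in range(len(labels)):
        domain = ".".join(labels[i:])
        tags = parse_tags(records.get("_dmarc." + domain, ""))
        if tags is not None:
            found.append((domain, tags))
    return found

def find_psd(start, found):
    """First walked domain, other than the start, whose record has psd=y."""
    hits = [d for d, t in found if d != start and t.get("psd", "").lower() == "y"]
    return hits[0] if hits else None

def org_domain_step2(start, records=RECORDS):
    """Quoted step 2 read literally; returns (org_domain, has_record)."""
    start = start.lower().rstrip(".")
    psd = find_psd(start, tree_walk(start, records))
    if psd is None:
        return None, False
    org = ".".join(start.split(".")[-(psd.count(".") + 2):])
    return org, parse_tags(records.get("_dmarc." + org, "")) is not None

def org_domain_with_record(start, records=RECORDS):
    """The post's alternative: longest name below the PSD that has a record."""
    start = start.lower().rstrip(".")
    found = tree_walk(start, records)
    psd = find_psd(start, found)
    below = [d for d, _ in found if psd and d.endswith("." + psd)]
    return below[0] if below else None  # walk order is longest first

if __name__ == "__main__":
    for name in ("ny.us.glob.bank", "paris.fr.glob.bank"):
        print(name, org_domain_step2(name), org_domain_with_record(name))
```

Under the literal step 2 both From: domains get glob.bank, which publishes no record; under the alternative they get us.glob.bank and fr.glob.bank respectively, so the two readings give different Organizational Domains for the same zone.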