They are covered by accident if the domain has an enforceable policy. The reality is that NX status means that the subdomain is not under the administrative control of any parent domain and therefore the presence or absence of a domain policy is irrelevant.
Why is it problematic to document this risk, and indicate that when "No Policy detected" occurs, it is recommended to check whether the domain exists, and if it does not exist then local policy for nonexistent domains should be applied?

On Thu, Apr 8, 2021, 11:44 AM Kurt Andersen (b) <[email protected]> wrote:

> On Thu, Apr 8, 2021 at 5:02 AM Douglas Foster <[email protected]> wrote:
>
>> "IETF is interested in attacks of the form
>> 'otherdomain.nonexistentdomain.psd', but IETF is not interested in attacks
>> of the form 'nonexistentdomain.otherdomain.psd'.
>
> I don't understand your assertion here. Non-existent domains under
> existing org domains are already covered by the org-level DMARC policy
> assertion. 5322.From domain of nosuchdomain.example.com would be treated
> in accord with the policy for example.com.
>
> --Kurt
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
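The two cases argued in this thread, as an added example that is not part of the original messages or of any DMARC implementation: a receiver-side evaluation that falls back to the org-level policy and, only when no policy is detected, checks whether the From domain exists. The zone contents, the suffix set, the existence test (any A, AAAA or MX record) and the `LOCAL_NX_POLICY` value are constructed assumptions.

```python
# Added illustration; all data below is constructed, not taken from the thread.
PUBLIC_SUFFIXES = {"com", "psd"}  # stand-in for a real public suffix list

# Constructed zone: owner name -> {record type: value}
ZONE = {
    "example.com": {"MX": "mail.example.com"},
    "_dmarc.example.com": {"TXT": "v=DMARC1; p=reject"},
    "otherdomain.psd": {"MX": "mx.otherdomain.psd"},  # exists, publishes no DMARC
    "www.otherdomain.psd": {"A": "192.0.2.10"},
}

LOCAL_NX_POLICY = "reject"  # hypothetical receiver-local choice for nonexistent domains


def org_domain(domain):
    """Organizational domain: the public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])


def dmarc_policy(name):
    """Return the p= tag published at _dmarc.<name>, or None."""
    txt = ZONE.get("_dmarc." + name, {}).get("TXT", "")
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if "=" in t)
    return tags.get("p") if tags.get("v") == "DMARC1" else None


def exists(name):
    """Assumed existence test: the name has an A, AAAA or MX record."""
    return any(rr in ZONE.get(name, {}) for rr in ("A", "AAAA", "MX"))


def evaluate(from_domain):
    """Return (policy, source) for an RFC5322.From domain."""
    d = from_domain.lower().rstrip(".")
    for candidate, source in ((d, "domain"), (org_domain(d), "org")):
        policy = dmarc_policy(candidate)
        if policy:
            return (policy, source)
    # "No policy detected": only now does existence decide the outcome.
    if not exists(d):
        return (LOCAL_NX_POLICY, "local-nxdomain")
    return ("none", "no-policy")
```

With this data, `nosuchdomain.example.com` is handled by the org-level record, while `nonexistentdomain.otherdomain.psd` reaches the existence check because its org domain publishes no policy.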
