DNS examples that Murray requested, which should also address John's
question about relevance to DMARC:

    nslookup
    > set type=txt
    > _dmarc.junk.thisisjunk.com
    *** <server> can't find _dmarc.junk.thisisjunk.com: Non-existent domain

Domain has no DMARC policy.
Is this because it chose not to deploy one, or because it does not exist?
That answer requires a second query.

    > junk.credcontrol.com
    *** <server> can't find junk.credcontrol.com: Non-existent domain

The TXT query demonstrates that this is a non-existent domain, and
therefore not under the full administrative control of any parent domain.
The message is DMARC NOT_VERIFIED even if domain alignment occurs with a
DKIM signature or SPF PASS. Since there is no domain-level policy record,
disposition depends on local policy related to non-existent domains and
this particular domain name. The organizational policy record may be
useful if its requested action is more stringent than the local policy
default action for non-existent domains.

    > junk.thisisjunk.com
    *** <server> can't find junk.thisisjunk.com: Non-existent domain

Domain has no DMARC policy.
Is this because it chose not to deploy one, or because it does not exist?
That answer requires a second query.

    > thisisjunk.com
    primary name server = ns1.dreamhost.com
    responsible mail addr = hostmaster.dreamhost.com
    serial = 2018071003
    refresh = 19193 (5 hours 19 mins 53 secs)
    retry = 1800 (30 mins)
    expire = 1814400 (21 days)
    default TTL = 14400 (4 hours)

The TXT query demonstrates that the domain exists. This is true whether
the result returns data or NODATA, and in this case the result is NODATA.
The message can be DMARC-verified using domain alignment to a DKIM
Signature or SPF PASS.

Doug Foster

On Thu, Apr 8, 2021 at 2:30 PM John Levine <[email protected]> wrote:
> It appears that Murray S. Kucherawy <[email protected]> said:
> >
> >On Thu, Apr 8, 2021 at 9:50 AM Douglas Foster <
> >[email protected]> wrote:
> >
> >> Why is it problematic to document this risk, and indicate that when "No
> >> Policy detected" occurs, it is recommended to check whether the domain
> >> exists, and if it does not exist then local policy for nonexistent domains
> >> should be applied?
> >>
> >
> >Can you put together an example message exhibiting the properties you're
> >talking about, and what DNS records are in play in that scenario?
> >
> >I still can't picture the problem you're trying to solve.
>
> My question would be what does it have to do with DMARC.
>
> We already have policies for dealing with non-existent domains unrelated
> to DMARC.
>
> R's,
> John
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc
>
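
Added example, not part of the original message or of the DMARC specification: the two-step check the message describes (policy lookup, then a second query to separate NXDOMAIN from NODATA), written in Python. The zone data is constructed, `txt_query`, `dmarc_record` and `classify` are hypothetical names, the resolver is a stand-in so the code runs offline, and the organizational domain is assumed to be supplied by the caller.

```python
# Constructed zone data (TXT only). A name mapped to an empty list exists but
# answers NODATA; a name absent from the zone answers NXDOMAIN.
SAMPLE_ZONE = {
    "thisisjunk.com": [],
    "example.org": ["v=spf1 -all"],
    "_dmarc.example.org": ["v=DMARC1; p=reject"],
}


def txt_query(name, zone):
    """Hypothetical stand-in for a resolver: return (rcode, txt_records)."""
    name = name.rstrip(".").lower()
    if zone.get(name):
        return "NOERROR", list(zone[name])
    # A name with no records still exists if it is in the zone or if any
    # record sits below it (empty non-terminal); both answer NODATA.
    exists = name in zone or any(k.endswith("." + name) for k in zone)
    return ("NODATA" if exists else "NXDOMAIN"), []


def dmarc_record(domain, zone):
    """Return the single v=DMARC1 record at _dmarc.<domain>, else None."""
    _, records = txt_query("_dmarc." + domain, zone)
    found = [r for r in records if r.strip().startswith("v=DMARC1")]
    return found[0] if len(found) == 1 else None


def classify(from_domain, org_domain, zone=SAMPLE_ZONE):
    """Look up policy, then run the second query the message calls for."""
    policy = dmarc_record(from_domain, zone)
    org_policy = None
    if policy is None and org_domain != from_domain:
        org_policy = dmarc_record(org_domain, zone)
    rcode, _ = txt_query(from_domain, zone)  # second query: existence
    if rcode == "NXDOMAIN":
        verdict = "nonexistent-domain"  # apply local policy for such domains
    elif policy or org_policy:
        verdict = "policy-found"
    else:
        verdict = "no-policy"  # domain exists but publishes no DMARC record
    return {"verdict": verdict, "policy": policy, "org_policy": org_policy}


if __name__ == "__main__":
    for dom, org in [("junk.thisisjunk.com", "thisisjunk.com"),
                     ("thisisjunk.com", "thisisjunk.com"),
                     ("mail.example.org", "example.org")]:
        print(dom, classify(dom, org))
```

The `mail.example.org` case shows the situation the message singles out: an organizational policy record is found, yet the From domain itself does not exist, so the verdict stays `nonexistent-domain` and the organizational policy is returned alongside it for local policy to weigh.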