The first step in my research has been to do DMARC policy lookups on the PSL domains About 400 of them have DMARC policies. A super-majority specify relaxed authentication without specifying a NP policy. This indicates that the policy was created before the PSD for DMARC spec. I conclude that these domains want to be treated as organizations, not PSOs, and tbe stop-last Tree Walk will enable what they have been wanting.
Doug On Fri, Oct 13, 2023, 1:06 AM Neil Anuskiewicz <neil= [email protected]> wrote: > > > > On Oct 10, 2023, at 11:57 AM, Alessandro Vesely <[email protected]> wrote: > > > > On Tue 10/Oct/2023 19:16:10 +0200 Todd Herr wrote: > >>> On Tue, Oct 10, 2023 at 6:14 AM Alessandro Vesely <[email protected]> > wrote: > >>> On Tue 10/Oct/2023 00:19:56 +0200 Douglas Foster wrote: > >>>> Both approaches have problems. Stop-at-last enables the walk to > exit the current organization and stop on a private registry, for both > alignment evaluation and for aggregate report transmission. This is not a > minor problem, even if it is arguably infrequent. > >>> > >>> The illustrative example in the draft says: > >>> > >>> _dmarc.a.b.c.d.e.mail.example.com > >>> _dmarc.e.mail.example.com > >>> _dmarc.mail.example.com > >>> _dmarc.example.com > >>> _dmarc.com > >>> > >>> That is, no stop at all. In this respect, a psd=n at example.com > would save a lookup. However, it is not something that we can recommend, > after we chose the obscure tag name. > > >> I'm not sure I understand what you're saying... > >> The illustrative example cited is intended to illustrate a full tree > walk > >> that follows the steps for a full tree walk that are spelled out in the > >> numbered list just prior to the illustrative example. > > > > > > Yup, I'm not criticizing the text (I wouldn't know how to better it). > > > > Just wondering how to implement it. It is understood that programs must > behave /as if/ they followed the letter of the spec, but don't have to > actually do so. > > Would it be possible to test these scenarios with a working prototype or > some other way to provide proof. Due to other obligations I haven’t been > able to lurk here much but upon coming back I think the tree walk issues > touched on today are possibly the only things standing in the way of > dmarcbis. Though I saw there’s a nascent save our PSL movement that I read > about. I’m not sure how serious or influential this movement is and why > they’d feel so strongly that they’d step in with somewhat dubious play > reviews on the 10 yard line. > > I’m just an observer. > > I’d be shocked if DMARCbis to emerge perfect and triumphant. I expect > problems will be addressed, there’s going to be stress, but ultimately > another hack such as the hosts file for DNS will become largely irrelevant > in the big picture, taking the Internet another step out of childhood > toward adulthood. That’s a good thing even if some things go wrong along > the way that need to be fixed or mitigated. The Internet is a place where > the perfect is often more blatantly the enemy of the good. > > Neil > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
