On Fri, Jun 16, 2023 at 9:21 AM Andy Smith via mailop <mailop@mailop.org> wrote:
> Hi, > > Let's say I have domain example.com with SPF, DKIM and DMARC > records. I've put an A record in there to point foo.bar.example.com > at someone else's IP address. > > Probably some cron job or other automated task on that host has sent > an email from usern...@foo.bar.example.com that has ended up at > gmail. gmail have sent me an aggregated DMARC report that includes > SPF and DMARC failures for that mail. > > I did not expect that such email from foo.bar.example.com would > consult the DMARC record for the parent example.com. Is this > expected? > > Does DMARC use the Public Prefix List or something to determine that > foo.bar.example.com is under the same administrative control as > example.com, and in the absence of _domainkey.foo.bar.example.com > will look for _domainkey.example.com? Amnd perhaps even > _domainkey.bar.example.com? > > Yes, the DMARC protocol does describe the search for the organizational domain for the RFC5322.From domain in an email message. It doesn't rely on the "_domainkey" hostnames (that's DKIM), but it does currently rely on the Public Suffix List to determine the organizational domain in cases where there is no DMARC policy record published for the RFC5322.From domain. -- *Todd Herr * | Technical Director, Standards & Ecosystem *e:* todd.h...@valimail.com *p:* 703-220-4153 *m:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
