On June 2, 2024 3:05:58 PM UTC, Jaroslaw Rafa via Postfix-users
<[email protected]> wrote:
>Dnia 2.06.2024 o godz. 07:19:38 Jeff P via Postfix-users pisze:
>>
>> I am using a subdomain xxx.eu.org for sending email.
>> Though I have not set a dmarc for xxx.eu.org, but gmail says DMARC pass.
>> So i checked that eu.org does have a DMARC record:
>>
>> _dmarc.eu.org. 7200 IN TXT
>> "v=DMARC1;p=none;sp=none;pct=10;rua=mailto:[email protected];ruf=mailto:[email protected]";
>>
>>
>> My question is, for my sender email - [email protected], which domain
>> should be checked for DMARC? xxx.eu.org, or eu.org?
>
>As I am also using an *.eu.org domain, I strongly suggest using the DMARC
>record for your domain. I think the DMARC record for the whole eu.org domain
>is a mistake by the domain maintainers, because eu.org is a publicly
>available suffix, kinda like a TLD, and having DMARC record on eu.org is
>similar to having a DMARC record on the top-level .com domain for example.
>
>The various xxx.eu.org domains belong to different entities so they should
>not be processed under a common "umbrella".
>
>Use DMARC for your own domain to clearly signal that your xxx.eu.org domain
>and the parent eu.,org domain are NOT the same entity.
Since eu.org is listed in the Public Suffix List, its DMARC record should not
be consulted for any of its subdomains. I don't know how reliably existing
implementations handle this case, but there's nothing wrong with them having a
DMARC record for their own mail.
Given the potential for buggy or incomplete implementation of DMARC, I think
your point still stands, but more as a backup, just in case.
They (eu.org) will need to make a small change in their record to support the
upcoming IETF update to DMARC, which thankfully won't use the PSL anymore, but
that's a longer term concern.
Anyone who wants to follow up on this should probably email me directly as
we're getting pretty far away from Postfix.
Scott K
_______________________________________________
Postfix-users mailing list -- [email protected]
To unsubscribe send an email to [email protected]
