Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup

Alessandro Vesely <> Wed, 25 November 2020 08:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 2B5C43A11FA for <>; Wed, 25 Nov 2020 00:08:43 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.111
X-Spam-Status: No, score=-2.111 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, T_FILL_THIS_FORM_SHORT=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1152-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 8ZVbgOulAvsl for <>; Wed, 25 Nov 2020 00:08:40 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 48CDF3A11F8 for <>; Wed, 25 Nov 2020 00:08:40 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=delta; t=1606291716; bh=mb4vtFHr88aikGFotHAVuvKfPErrd3yf36Ztdr/bZUA=; l=926; h=To:References:From:Date:In-Reply-To; b=BplDGpdDW7Sb4BNVIAw4JmERsS+Jf7y7kOhsQctSTo/1ml1+T39usV+s7RdZ9mQCY fWL49UQTG88zI9x7nBg6nSV69WfELtnGIfca95bggolLAz56DZLxRc351sbjhqRDZO M5Ey6RPdB3fCpFT+V8dlA5z69n5vzqhaK4lblFiX2hh0nwpkcotiJEFbwZte8
Authentication-Results:; auth=pass (details omitted)
Original-From: Alessandro Vesely <>
Received: from [] (pcale.tana []) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by with ESMTPSA id 00000000005DC07E.000000005FBE1104.00001678; Wed, 25 Nov 2020 09:08:36 +0100
To: John R Levine <>,
References: <20201124170351.C430227DFEBF@ary.qy> <> <>
From: Alessandro Vesely <>
Message-ID: <>
Date: Wed, 25 Nov 2020 09:08:36 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <>
Subject: Re: [dmarc-ietf] Doing a tree walk rather than PSL lookup
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 25 Nov 2020 08:08:43 -0000

On Tue 24/Nov/2020 20:29:11 +0100 John R Levine wrote:
>> "Holy Roman Empire"
> Organizations, typically universities, where the nominal organization tree and 
> the actual control are different.  The PSL isn't useful because the party that 
> controls their Org domain often doesn't control lower parts of the DNS tree.

The PSL takes care of particular cases, listing suffixes like or 
various flavors of, which officially look like any other 2nd 
level domain, but actually host independent organizations.  Those entries are 
commented with the names and email addresses of the principal who submitted 
them.  In their own words:

     In addition, owners of privately-registered domains who themselves issue
     subdomains to mutually-untrusting parties may wish to be added to the
     PRIVATE section of the list.