RFC Errata
RFC 7489, "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", March 2015
Note: This RFC has been updated by RFC 8553, RFC 8616
Source of RFC: INDEPENDENT
Errata ID: 6729
Status: Reported
Type: Technical
Publication Format(s): TEXT
Reported By: Scott Kitterman
Date Reported: 2021-11-01
Section 3.2 says:
3. Search the public suffix list for the name that matches the largest number of labels found in the subject DNS domain. Let that number be "x".
It should say:
3. Search the ICANN DOMAINS section of the public suffix list for the name that matches the largest number of labels found in the subject DNS domain. Let that number be "x".
Notes:
The PSL includes both public and private domains. RFC 7489 should have limited name matching to the public, ICANN DOMAINS section of the PSL. As an example, using the current PSL, the organizational domain for example.s3.dualstack.ap-northeast-1.amazonaws.com is example.s3.dualstack.ap-northeast-1.amazonaws.com, not amazonaws.com since it is listed in the private section of the PSL. This is clearly the wrong result.
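The following Python sketch is an added illustration, not part of the erratum or of RFC 7489. It runs steps 2 to 4 of Section 3.2 against a small constructed PSL excerpt, once with all rules and once with only the ICANN DOMAINS section, to show how the choice changes the Organizational Domain. The function names, the sample rules, and the handling of unlisted or too-short names are assumptions; exception (`!`) rules are not handled.

```python
# Constructed PSL excerpt (not the real list). The "// ===BEGIN ... DOMAINS==="
# markers are the section delimiters used in the public suffix list file.
SAMPLE_PSL = """\
// ===BEGIN ICANN DOMAINS===
com
uk
co.uk
// ===END ICANN DOMAINS===
// ===BEGIN PRIVATE DOMAINS===
s3.dualstack.ap-northeast-1.amazonaws.com
// ===END PRIVATE DOMAINS===
"""

def parse_psl(text):
    """Split PSL text into rule sets keyed by section name (ICANN, PRIVATE)."""
    sections = {"ICANN": set(), "PRIVATE": set()}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("// ===BEGIN ") and line.endswith(" DOMAINS==="):
            current = line[len("// ===BEGIN "):-len(" DOMAINS===")]
        elif line.startswith("// ===END "):
            current = None
        elif line and not line.startswith("//") and current in sections:
            sections[current].add(line.split()[0].lower())
    return sections

def organizational_domain(name, rules):
    """RFC 7489 Section 3.2, steps 2-4, against the supplied rule set."""
    labels = name.lower().rstrip(".").split(".")
    x = 0  # largest number of labels matched by any rule (step 3)
    for rule in rules:
        r = rule.split(".")
        tail = labels[-len(r):]
        if len(r) <= len(labels) and all(a in ("*", b) for a, b in zip(r, tail)):
            x = max(x, len(r))
    if x == 0:
        x = 1  # assumption: an unlisted TLD is treated as a one-label suffix
    if len(labels) <= x:
        return ".".join(labels)  # assumption: the name is itself a suffix
    return ".".join(labels[-(x + 1):])  # step 4: suffix plus the (x+1)th label

if __name__ == "__main__":
    psl = parse_psl(SAMPLE_PSL)
    host = "example.s3.dualstack.ap-northeast-1.amazonaws.com"
    print("whole PSL :", organizational_domain(host, psl["ICANN"] | psl["PRIVATE"]))
    print("ICANN only:", organizational_domain(host, psl["ICANN"]))
```
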