Closed sam-lord closed 3 months ago
@sam-lord Would you mind answering a few questions?
Hi Simon,
example.ghost.io sends from example@ghost.io. We sign emails with a few different subdomains of ghost.io to separate customers by volume / other factors, but the organisational domain of m.ghost.io is m.ghost.io, because of our appearance on the PSL. The organisational domain of the from address is ghost.io, which doesn't match m.ghost.io, causing us to fail on a relaxed alignment check.
I have had a read through RFC 9091 while I was trying to find a solution to this, and I don't think it will fix our use-case. Since the emails need to be sent from @ghost.io, DMARC records at the subdomain level wouldn't help.
Let me know if you've got any other concerns about this change.
Submitter affirms the following:
For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.
To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.
PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.
(Link: about propagation/expectations)
[x] Yes, I understand. I could break my organization's website cookies etc. and the rollback timing, etc is acceptable. Proceed.
Description of Organization
Ghost is an open source CMS, with an emphasis on publishing, memberships & email. We provide a hosting service, which uses subdomains of ghost.io as the default domain.
Organization Website: https://ghost.org
Reason for PSL Removal
We cannot comply with DMARC with our current setup. The organizational domain of the subdomains (of ghost.io) that we use for email are different to the organizational domain of the apex domain (ghost.io) we use for customer RFC5322.From addresses.
Our customers don't have the ability to set their own DNS records for their subdomain, and they don't control the server software (so they can't set HttpOnly cookies for other domains). Since we can overcome the security downside of the removal, and we can't easily overcome the DMARC issue, removal seems appropriate.
Previous PR adding us to the PSL: https://github.com/publicsuffix/list/pull/1180
Number of users this request is being made to serve:
Around 20k subdomains of ghost.io.
DNS Verification via dig
Results of Syntax Checker (make test)
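
The alignment failure described in this thread, as an added example that is not part of the original pull request or the PSL project's code: a simplified Public Suffix List lookup and the DMARC relaxed-alignment comparison, run against two constructed rule sets (with and without a ghost.io entry). The function names and rule sets are assumptions made for illustration.

```python
# Added illustration. The rule sets are constructed, not the real PSL.
WITH_ENTRY = {"io", "ghost.io"}      # ghost.io listed as a public suffix
WITHOUT_ENTRY = {"io"}               # state the removal request asks for


def public_suffix_len(labels, rules):
    """Return how many trailing labels form the public suffix."""
    best = 1  # implicit "*" rule: the last label alone is a suffix
    for i in range(len(labels)):
        candidate = labels[i:]
        name = ".".join(candidate)
        if "!" + name in rules:
            return len(candidate) - 1  # exception rules win outright
        wildcard = ".".join(["*"] + candidate[1:])
        if name in rules or wildcard in rules:
            best = max(best, len(candidate))
    return best


def organizational_domain(domain, rules):
    """Public suffix plus one label (RFC 7489 section 3.2)."""
    labels = domain.lower().rstrip(".").split(".")
    n = public_suffix_len(labels, rules)
    if len(labels) <= n:
        return ".".join(labels)  # the name is itself a public suffix
    return ".".join(labels[-(n + 1):])


def relaxed_aligned(from_domain, signing_domain, rules):
    """DMARC relaxed alignment: both organizational domains must match."""
    return (organizational_domain(from_domain, rules)
            == organizational_domain(signing_domain, rules))


if __name__ == "__main__":
    for label, rules in (("listed", WITH_ENTRY), ("removed", WITHOUT_ENTRY)):
        print(label,
              organizational_domain("m.ghost.io", rules),
              organizational_domain("ghost.io", rules),
              relaxed_aligned("ghost.io", "m.ghost.io", rules))
```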