2RFC 7489, "Domain-based Message Authentication, Reporting, and Conformance (DMARC)", March 2015
3Source of RFC: INDEPENDENT
9Publication Format(s) : TEXT
10Reported By: Scott Kitterman
11Date Reported: 2021-11-01
15 3. Search the public suffix list for the name that matches the
16 largest number of labels found in the subject DNS domain. Let
20 3. Search the ICANN DOMAINS section of the public suffix list for
21 the name that matches the largest number of labels found in the
22 subject DNS domain. Let that number be "x".
26The PSL includes both public and private domains. RFC 7489 should have limited name matching to the public, ICANN DOMAINS section of the PSL. As an example, using the current PSL, the organizational domain for example.s3.dualstack.ap-northeast-1.amazonaws.com is example.s3.dualstack.ap-northeast-1.amazonaws.com, not amazonaws.com since it is listed in the private section of the PSL. This is clearly the wrong result.