Aggregate reports include wrong published domain

[dlucredativ]

I have seen aggregate reports that I believe to originate from OpenDMARC (they have a boundary="report_section").

Those reports contain a feedback.policy_published.domain entry of the form subdomain.example.com, with example.com being the organizational domain. However, there is no DNS-Record _dmarc.subdomain.example.com, the reports are instead triggered by _dmarc.example.com. According to RFC7489 appendix C, the domain field of PolicyPublishedType is

The domain at which the DMARC record was found

so the value should actually be example.com.