short answer: if the timeframe is relatively short (e.g. weeks or a few months) i would hold off going live when you can provide reporting.
long answer: side effects? not so much. rather i would be more concerned about the tendency of shipped software to retain the as-shipped feature set for a longer-than-intended period of time, regardless of our best intentions to iteratively and/or continuously update said feature sets. part of the reason this list exists is to encourage and support independent (e.g. by non-DMARC member orgs/folks) development and deployment of DMARC implementations. since reporting plays such a central role in DMARC's end-to-end efficacy, i would very much request that you bring your product to market when it supports, at minimum, aggregate reporting. that said, you're correct there's value in swiftly getting into a state where domain-based auth policies are enforced. barring so far unmentioned pressures to the contrary, i just would trade off reporting to gain an earlier "ship" date. -p On 20-Sep/12 10:03 AM, [email protected] wrote: > > > Murray -- you're at Facebook now. Shouldn't that be "Like", not "+1"? > > Actually, I have a serious question. We're working on incorporating DMARC > in our service right now. I want to put a feeler out on the desirability > of authenticating/enforcing sender's DMARC policies, but not providing > reports, as a first step to integration. > > My sense is that it's valuable to senders to have receivers enforce their > (DMARC-defined) ADSP, even in the absence of reporting. It's also > valuable to our customers as an anti-phishing measure. > > Is it better to do this, or to hold off on enforcement until the senders > can also get reports from us? Since not all senders request reporting, I > assume it's better to enforce than to do nothing at all. > > I know it's always easier to apologize than to ask permission. I just > want to make sure there isn't some side-effect I've overlooked. > > Thanks, > J > > On 9/20/12 9:23 AM, "Murray Kucherawy" <[email protected]> wrote: > >> >+1 >> > >> >-MSK (full-time moderator) >> > >> >On 9/20/12 8:56 AM, "Tim Draegen" <[email protected]> wrote: >> > >>> >>Constructive dialogue is most welcome. However, please refrain from name >>> >>calling on this list. >>> >> >>> >>Thank you, >>> >>=- Tim (part time moderator) >>> >> >>> >> >>> >>_______________________________________________ >>> >>dmarc-discuss mailing list >>> >>[email protected] >>> >>http://www.dmarc.org/mailman/listinfo/dmarc-discuss >>> >> >>> >>NOTE: Participating in this list means you agree to the DMARC Note Well >>> >>terms (http://www.dmarc.org/note_well.html) >> > >> > >> >_______________________________________________ >> >dmarc-discuss mailing list >> >[email protected] >> >http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> > >> >NOTE: Participating in this list means you agree to the DMARC Note Well >> >terms (http://www.dmarc.org/note_well.html) >> > > > > > <https://serviceB.mimecast.com/mimecast/click?account=C1A1&code=36dead9b59dd29 > 7ae03390a5c89a8258> > > > > > > [ Our Blog > <https://serviceB.mimecast.com/mimecast/click?account=C1A1&code=2faf5883234aa4 > 58782709201f7245e5> ] [ Twitter > <https://serviceB.mimecast.com/mimecast/click?account=C1A1&code=445794e3c23b3e > c7419a7e639f7a5055> ] [ YouTube > <https://serviceB.mimecast.com/mimecast/click?account=C1A1&code=2421b8c1fbcb5b > 34e46279ec6d0471ce> ] > > > > John Sweet > Principle Software Engineer > m: 00 1 415 425 3743 > www.mimecast.com > <https://serviceB.mimecast.com/mimecast/click?account=C1A1&code=651e3583916740 > 2c30e5fb8fa32faec2> > > Mimecast North America Inc > > > 500 Howard Street, Suite 405 San Francisco, CA 94105 > +1 800 660 1194 > > Disclaimer > The information contained in this communication from [email protected] > sent at 2012-09-20 18:03:28 is confidential and may be legally privileged. It > is intended solely for use by [email protected] and others > authorized to receive it. If you are not [email protected] you are > hereby notified that any disclosure, copying, distribution or taking action > in reliance of the contents of this information is strictly prohibited and > may be unlawful. > > > This email message has been scanned for viruses by Mimecast. > Mimecast delivers a complete managed email solution from a single web based > platform. > For more information please visit http://www.mimecast.com > <http://www.mimecast.com> > > _______________________________________________ dmarc-discuss mailing list > [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) >
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
