On Fri, Aug 3, 2018 at 11:04 AM, Dave Crocker <[email protected]> wrote: > > At a minimum, I suggest clear and relatively forceful language, making > clear the privacy concerns. (Privacy is new enough and, frankly, fuzzy > enough as a technical topic, to warrant the redundancy I usually argue > against...) >
What would you suggest? Might this be better in "Experimental Considerations" instead of a "Privacy Considerations" section? (Or to your below comment, in both places?) > Perhaps change the explanatory text to something like: > > The address of the initiating SMTP server, from which the message is > being relayed. Will do. > but that's a much smaller privacy concern that I think is out-weighed by >> the utility of having it here. Especially >> considering that it's already in the Received and Received-SPF headers. >> >> Also, it is obviously optional, is SHOULD the wrong choice? >> > > Yes. The semantics of should is 'must do this, unless you are extremely > careful and know exactly what you are doing'... > > So MAY is probably the right choice. As a receiver of reports, this IP is crucial information, because otherwise the message source is badly obfuscated by intermediary handling. This in turn becomes deeply confusing to a domain owner trying to effectively *do something* with the reports they receive. The feedback loop here is critical, and is incomplete without the IP. However, not every entity that ARC Seals has access to this information (for instance, Mailman uses LMTP and has no direct access to the IP of the incoming SMTP connection), which is why it is SHOULD. The intent is "must do this, unless you don't have the ability to or have other good reason."
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
