On Sat 05/Dec/2020 14:51:52 +0100 Brotman, Alex wrote: > > There's currently a ticket that suggests that the requirement for external > validation be removed. Today, if example.com has an RUA that points at > example.net, the latter must create a record as such: > > example.com._report._dmarc.example.net TXT "v=DMARC1"
Actually, the record can also be: example.com._report._dmarc.example.net TXT "v=DMARC1; [email protected]" or even, considering a parallel thread: example.com._report._dmarc.example.net TXT "v=DMARC1; [email protected], /https://www.example.net/report/"; That way, external services have the ability to control or suspend their service. I think this is an essential requirement. Let's keep it. > The original thought was that a bad actor could overwhelm a target with > unrequested reports. It seems in reality, most report generators only send > once per day. Once-per-day has to be amended. See ticket #71. > Additionally, there appear to be some generators who ignore the absence of > these records. Aggregate reports are often tagged as spam anyway, but when sent in violation of the spec such tagging is certainly deserved. > https://tools.ietf.org/html/rfc7489#section-7.1 Why don't you refer to either of the drafts we're editing: https://tools.ietf.org/html/draft-ietf-dmarc-aggregate-reporting-00#section-2.1 https://tools.ietf.org/html/draft-ietf-dmarc-failure-reporting-00#section-3.2 BTW, this duplication is worth yet another ticket. Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
