On Sat 23/Jan/2021 15:13:53 +0100 Douglas Foster wrote:
I can fully endorse Murray's position that alignment reporting is beneficial, even when the sending domain is malicious. However, it is also off-topic. My focus is on disposition reporting, not alignment reporting.
I see.
Bottom line: The perceived risk of disposition reporting will differ with each person, and therefore with each reporting domain. The specification would be improved by providing a way for skeptical domain owners to redact information that they do not wish to disclose. Currently, the options are to (a) not report at all, or (b) report ambiguous and slightly misleading information such as "dispostion=quarantine, overridereason=other". A better option would be to have options to state "dispositioin=not specified, overridereason=not specified".
The information that reports actually disclose is when they say why the disposition differs from what the author's domain asked. That info is given in the comment field, which can be "forwarded", "sampled_out", "trusted_forwarder", "mailing_list", "local_policy", or any other reason. This field is already optional.
Saying "none" without explaining why doesn't really disclose much, does it? Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
