NOTE: adjusted ticket number, #23 to #62
On Sat 08/May/2021 20:51:15 +0200 John Levine wrote:
It appears that Murray S. Kucherawy <superu...@gmail.com> said:
Personally, I think mandatory reporting wouldn't survive Last Call or IESG
Evaluation. Even if it did, there's no mechanism to enforce it ...
Indeed. I check DMARC on all my incoming mail, but it is unlikely
that I will ever get around to sending reports.
It'd be interesting to know what refrains you to do DMARC aggregate reports.
For the opposite POV, I can say I generate these reports because they make an
interesting, albeit partial, view of my incoming mail traffic. Then, among the
silly reasons why I send them:
* I don't think any PII leaks out that way,
* the spirit of global community suggests helping peers is a Good Thing,
* outgoing reports constitute a relevant part of my nanoscopic outgoing
traffic, so they help keep my IP warm.
More to the point, IETF standards tell people what to do if you want
to interoperate, not how the document's authors might wish the world
were different. You can obviously implement all of DMARC processing on
inbound mail without ever sending a report, so in this place MUST is
simply wrong.
Agreed, SHOULD seems to be the right world here. I'd expect your reply to the
above question to provide subject matter for the reasons why an operator may
want to not do it. In addition, there could be reasons for not sending a
specific aggregate report, such as locally imposed or remotely requested size
limits, and local policy about the target domain, its IP(s), country, or whatever.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
