On Mon, Oct 3, 2022 at 10:26 AM Brotman, Alex <[email protected]> wrote:
> So we would likely need a section in the core document with a SHOULD for > evaluation (if it’s not already there), and then a section in the aggregate > reporting for a MUST for reporting on evaluated information (if they choose > to send reports at all), correct? > I'm having a hard time coming up with a crisp answer to this. >From a security perspective, failing to do either of these doesn't create any sort of security exposure, so neither is justified. >From an operations perspective, you could argue that doing both is necessary for robustness and operator sanity (i.e., the complete picture is recorded which enables debugging), so both are justified. >From the actual protocol standpoint, the filtering part of DMARC operates just fine if you make the shortcut Doug is proposing, so the first SHOULD is probably apt but the MUST is moot because it doesn't change interoperability. I guess it depends on what we think the priority is. -MSK >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
