+1

On 4/27/2023 10:11 AM, Brotman, Alex wrote:

In summary:

“Report senders SHOULD attempt delivery via SMTP using STARTTLS to all receivers. Transmitting these reports via a secured session is preferable.”

I don’t think we should add this in, but receivers could deploy DANE/MTA-STS if they wanted to ensure senders who honor those will use TLS.

--

Alex Brotman

Sr. Engineer, Anti-Abuse & Messaging Policy

Comcast

*From:* dmarc <[email protected]> *On Behalf Of * Hector Santos
*Sent:* Wednesday, April 26, 2023 4:29 PM
*To:* Scott Kitterman <[email protected]>
*Cc:* IETF DMARC WG <[email protected]>
*Subject:* Re: [dmarc-ietf] I-D Action: draft-ietf-dmarc-aggregate-reporting-10.txt




    On Apr 26, 2023, at 3:50 PM, Scott Kitterman
    <[email protected]> wrote:

    I think it would be crazy in 2023 not to use STARTTLS if offered.


+1


    Personally I interpreted it more as employ a secure transport
    and think through if you really want to be sending the report if
    you can't.

    I think there's some room for interpretation and I think that's
    fine.


I believe connectivity is independent of the application.

All connections SHOULD assume the highest possible security available today.

For unsolicited email, the presumption would be:

Port 25
STARTTLS

If I were to start performing reports (and I think I will), that is how I would begin, naturally, with outbound SMTP clients with optional TLS if offered.

Sorry if I was not focused on the main question,

—
HLS



_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc


--
Hector Santos,
https://santronics.com
https://winserver.com
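
The sender-side choice discussed in this thread (opportunistic STARTTLS on port 25, with a receiver able to require TLS by publishing MTA-STS) can be sketched as follows. This is an added example, not code from the thread or the draft; the function names, the "defer" outcome and the sample policy are assumptions, and certificate validation and DANE are not modelled.

```python
def parse_sts_policy(text):
    """Parse an RFC 8461 policy body ("key: value" lines) into a dict."""
    policy = {"mx": []}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        if key == "mx":
            policy["mx"].append(value.lower())
        else:
            policy[key] = value
    if policy.get("version") != "STSv1":
        raise ValueError("not an STSv1 policy")
    if policy.get("mode") not in ("enforce", "testing", "none"):
        raise ValueError("missing or unknown mode")
    return policy


def mx_matches(host, patterns):
    """Match an MX name; '*.' covers exactly one left-most label."""
    host = host.lower().rstrip(".")
    for pattern in patterns:
        if pattern.startswith("*."):
            suffix = pattern[1:]
            label = host[: -len(suffix)]
            if host.endswith(suffix) and label and "." not in label:
                return True
        elif host == pattern:
            return True
    return False


def delivery_decision(mx_host, ehlo_extensions, policy=None):
    """Return 'starttls', 'plaintext' or 'defer' for one report delivery."""
    offers_tls = "STARTTLS" in {ext.upper() for ext in ehlo_extensions}
    enforce = policy is not None and policy["mode"] == "enforce"
    if enforce and not mx_matches(mx_host, policy["mx"]):
        return "defer"  # MX not named in the receiver's policy
    if offers_tls:
        return "starttls"  # certificate validation is not modelled here
    return "defer" if enforce else "plaintext"


# Constructed sample policy for a hypothetical receiver.
SAMPLE_POLICY = parse_sts_policy(
    "version: STSv1\nmode: enforce\nmx: mx1.example.net\n"
    "mx: *.mail.example.net\nmax_age: 86400\n"
)
```

Without a policy the sender uses STARTTLS when the receiver advertises it and otherwise falls back to plaintext; with an enforce-mode policy the same missing STARTTLS line results in the report being held back.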


