Not sure if this is "significant" or not. I don't particularly like the title, but that's been that way for quite some time, so for WGLC, meh.
The particular concern I have is with the text that was added right before WGLC about multi-valued RFC5322.From fields. It includes the statement: > Such an approach might prove useful for a small number of Author > Domains, but it is likely that applying such logic to messages with a larger > number of domains (as defined by each Mail Receiver) will expose the > Mail Receiver to a form of denial of service attack, and so applying a > negative disposition decision to the message may be the best course of > action. In particular, the word "likely" seems a bit much. Additionally, I think beyond the Domain Owner DMARC policy published in a DMARC record, I think discussions about message disposition are outside the scope of this document. How about this instead: > Such an approach might prove useful for a small number of Author > Domains, but it is possible that applying such logic to messages with a > large number of domains (as defined by each Mail Receiver) will expose the > Mail Receiver to a form of denial of service attack. Limiting the number of > Author Domains processed will avoid this risk. If not all Author Domains > are processed, then the DMARC evaluation is incomplete. I don't think we need to tell people what to do with such messages. I think this is enough. Scott K _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
