Hi all,
there are discussions about how mandatory it is to send aggregate reports.
Mandating it is not so light, even though without reports DMARC would loose
much of its appeal, because implementing them is not so straightforward.
In this respect, keeping track of how many times a domain modified its policy
during the day is a daunting task for two reasons, because of how DNS works and
because of how data can be stored during the day. The requirement is expressed
in the sentence:
A single report MUST contain data for one policy configuration.
Add to this that DMARC records don't change every day. To program reporting so
as to send N reports to a domain that changed configuration N times requires an
unjustified effort and can never result in neat reporting periods.
Couldn't we just replace that sentence with:
Configuration changes during the reporting period may result in
incongruent data, also depending on DNS caching.
?
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
