On Sun 15/Dec/2024 19:59:10 +0100 John Levine wrote:
It appears that Alessandro Vesely <[email protected]> said:
Hi all,
there are discussions about how mandatory it is to send aggregate reports.
Mandating it is not so light, even though without reports DMARC would loose
much of its appeal, because implementing them is not so straightforward.
In this respect, keeping track of how many times a domain modified its policy
during the day is a daunting task for two reasons, because of how DNS works and
because of how data can be stored during the day. The requirement is expressed
in the sentence:
A single report MUST contain data for one policy configuration.
That's easy. Delete that sentence and put back the language in RFC 7489 sec 7.2
that explains why it's impossible and report receivers need to deal with it.
The language in RFC 7489 is rather lengthy:
Note that Domain Owners or their agents may change the published
DMARC policy for a domain or subdomain at any time. From a Mail
Receiver's perspective, this will occur during a reporting period and
may be noticed during that period, at the end of that period when
reports are generated, or during a subsequent reporting period, all
depending on the Mail Receiver's implementation. Under these
conditions, it is possible that a Mail Receiver could do any of the
following:
o generate for such a reporting period a single aggregate report
that includes message dispositions based on the old policy, or a
mix of the two policies, even though the report only contains a
single "policy_published" element;
o generate multiple reports for the same period, one for each
published policy occurring during the reporting period;
o generate a report whose end time occurs when the updated policy
was detected, regardless of any requested report interval.
Such policy changes are expected to be infrequent for any given
domain, whereas more stringent policy monitoring requirements on the
Mail Receiver would produce a very large burden at Internet scale.
Therefore, it is the responsibility of report consumers and Domain
Owners to be aware of this situation and allow for such mixed reports
during the propagation of the new policy to Mail Receivers.
Where did that sentence come from? Wasn't it obvious that it's impossible to
do?
That sentence appeared in version -01, February 2021, under "ProposedAddition".
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
