On 6/27/25 9:53 AM, Murray S. Kucherawy wrote:
On Tue, Jun 17, 2025 at 5:06 AM Douglas Foster
<[email protected]> wrote:
Are you willing to tell this long list of companies that we are
deprecating one of their product lines because they are taking
money from customers for a "service" that adds no value, while
also taking data they should not have?
I don't think this question is material to a standards body.
I agree we're not here to create or support a business model. IMO that
includes not removing part of the "self boot-strapping" option for DMARC
deployment, by making failure reporting only available as a pay-to-play
commercial service.
The question with which I believe the IETF is concerned is limited to
whether this part of DMARC is (a) valuable to make the Internet work
better; (b) [likely to be] in broad use, justifying standardization;
and (c) not clearly flawed or inferior to something else.
Failure reports have already been standardized, have been in use for
many years, and continue to be used, responding to (a) and (b). They may
be less common, but the practice continues. And the contents are and
should be different, which is why we've updated the documentation with
current practical and security/PII considerations, addressing (c).
All of which speaks to why we need to publish the updated failure
reporting document.
--S.
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
