This entire DMARC rewrite has been haunted by the lack of participation from those who should have been key stakeholders - the organizations which claim to be experts on email filtering to protect client networks.
It has not stopped the WG from proceeding, but it does raise doubts about the relevance of 11 years of work. I don't know why things are different for this document. On Mon, Jun 30, 2025, 2:30 PM Murray S. Kucherawy <[email protected]> wrote: > On Sun, Jun 29, 2025 at 12:16 PM Douglas Foster < > [email protected]> wrote: > >> I find the privacy concerns much less worrisome than the group >> consensus. There is so much evidence that email privacy has been lost >> that this postulated loss vector is as trivial as it is speculative. It >> is appropriate to document the issue, because report senders need to be >> cognizant of how their regulatory environment affects their ability to >> participate. But beyond that, requesting and sending reports is voluntary >> on both ends. Collectively, I see no justification for inserting >> ourselves into that decision process >> > > The WG can decide whether this needs to be preserved however it wishes. > But there's a cost to preserving it, in the sense that in doing so we make > it [part of] a standard, and now "we" (for some value thereof) own its > upkeep. If people generating or consuming those reports find > their standardization to be useful, it would be helpful to hear that from > them directly rather than by historical proxy. It's my impression (though > I could be mistaken) that none of the contemporary producers/consumers are > here arguing for their preservation. So if they want something changed > down the line, how do we find that out, and who's going to do the work? > > The pressure to remove it shouldn't come as a surprise. In standards > development, for every iteration of a standard, we tend to want to chip > away at the stuff nobody really uses. RFC 2026, which declared the > original set of three levels of "standard" at the IETF, is even explicit > that before something can advance to the next level (e.g., draft standard), > the absence of implementations of a proposed standard feature implies that > this feature has to be dropped. In this case, we know there are > implementations of the failure reports, which argues for preservation, but > if approximately nobody uses them, one might argue that this is the same as > non-implementation. > > I lean toward thinking they're not worth preserving, and I can give > specific reasons if that would be helpful, but I'm happy to yield to the > consensus if it differs. > > -MSK >
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
