[dmarc-ietf] draft-ietf-dmarc-failure-reporting-20 ietf last call Artart review

Wed, 26 Nov 2025 10:53:14 -0800 

Document: draft-ietf-dmarc-failure-reporting
Title: Domain-based Message Authentication, Reporting, and Conformance (DMARC)
Failure Reporting Reviewer: Marco Tiloca Review result: Ready with Nits

I reviewed this document as part of the Applications and Real-Time (ART) Area
Review Team's ongoing effort to review all IETF documents being processed by
the IESG. These comments were written primarily for the benefit of the ART Area
Directors. Document authors, document editors, and WG Chairs should treat these
comments just like any other IETF Last Call comments.

Thanks for this document! I believe it is basically ready.

Please see below a few minor comments.

Best,
/Marco

[Abstract]

* The IDnits checker reports the following:

> -- The draft header indicates that this document obsoletes RFC7489, but the
abstract doesn't seem to mention this, which it should. > > -- The draft header
indicates that this document updates RFC6591, but the abstract doesn't seem to
mention this, which it should.

[Section 2]

* Just a suggestion: the text from "Failure reports represent a possible
denial-of-service attack ..." until the end of the section could be more
appropriate for security considerations.

  It might be moved to a new Section 8.1 "Denial of Service", which Section 2
  can point to.

[Section 5]

* "Without this check, a bad actor ..."

  Which check? I guess it can be clarified in two possible ways.

  1. Expand the sentence to say something like: "Without checking and
  successfully verifying the authenticity, trustworthiness, and aware
  participation of an external destination, a bad actor ..."

  or

  2. Make the following editing:

     - Change "Without this check, a bad actor could publish ..." to "This
     prevents a bad actor from publishing ..."

     - Change "Therefore, in case of external ..." to be "In case of external
     ..."

     - Swap the second and third paragraph.

[Section 6]

* It says:

  > which is part of ""Messaging Abuse Reporting Format" registry, ...

  It should say:

  > which is part of the "Messaging Abuse Reporting Format (MARF) Parameters"
  registry group, ...

[Nits]

* Abstract
--- s/"failure reports," or/"failure reports", or

* Section 3
--- s/and [RFC6652] respectively/and [RFC6652], respectively

* Section 7.1
--- s/e.g. RFC5322/e.g., RFC5322

* Section 7.3
--- s/And all of/All of



_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]

Reply via email to