On 12/2/25 03:34, Alessandro Vesely wrote:
That was the wording proposed by Marco Tiloca
https://datatracker.ietf.org/doc/review-ietf-dmarc-failure-reporting-20-artart-lc-tiloca-2025-11-26/
I chose the first alternative he proposed, as it makes explicit the
concerns associated with sending these reports to an external
destination, thus allowing the reader to assess the extent to which
they are dispelled by the verification described in the protocol. I
understand, however, that it may seem awkward. Marco probably thought
so too, so much so that he proposed a second alternative, "This
prevents a bad actor from publishing ...", which is even smoother than
the one you proposed.
Further thoughts?
I'm aware, and of course defer if Marco or the other reviewers have
concerns.
If you prefer to use the "This prevents..." option that's fine, but for
agreement change the following sentence to something like: "This also
prevents a Domain Owner from unilaterally publishing a DMARC Policy
Record..."
It also introduces a tense/agreement issue (send -> sending), so -- meh,
here's a suggestion for the whole paragraph:
"This prevents a bad actor from publishing a DMARC Policy Record
requesting that failure reports be sent to an external destination, then
deliberately sending messages that will generate failure reports as a
form of abuse. This also prevents a Domain Owner from unilaterally
publishing a DMARC Policy Record with an external destination for
failure reports, forcing the external destination to deal with unwanted
messages and potential privacy issues."
Thanks,
--S.
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
