From: "SM" <[EMAIL PROTECTED]>

>> What are the report limits?  Is the report-domain paying the validator
>> to send reports, because if not, it could be pretty costly.
>
> The validator decides whether to send reports or not.  Note that I am
> not suggesting that automated reports should be sent or that this tag
> should be used for them.

Right, my only point was to highlight necessary wording for the
specification describing the issues related to this tag (r=).

Mainly, in general, domains should not depend on nor expect validators to
honor this reporting tag unless there is a special "contract" between them to
obtain this valuable feedback.

The specs currently say:

|   r= Email address for reports and inquiries regarding the signing
|      policy for this entity (plain-text; OPTIONAL, default is no
|      contact address available).

Additional text along the following thought process SHOULD|MUST be needed:

       Validators are not obligated to honor this signer reporting tag,
       nor obligated to send reports to the signing domain.

Maybe adding one sentence or short paragraph explaining the security
reasons.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html
