On 24/11/2016 21:40, Murray S. Kucherawy wrote: > +1 to Terry's points. On the other hand, "fi" is described mainly as > a > request (modulo the SHOULD NOT, which is debatable in my opinion) > which means DMARC verifiers are free to ignore it.
It's a request, but my intend was it MUST be supported when the "ruf" tag is honored. Only if there is no "ruf", or a report generator ignores the "ruf", than the "fi" may be ignored. (I know some report generators don't implement "ruf", for reasons of privacy). But it's a draft, so everything is debatable as far as I am concerned. I welcome any suggestion. > Terry: Would it be helpful at all for a large operator to get signal > that this small operator will be easily overwhelmed, or does it really > make a difference? That's what is is: nothing more than a signal and/or a request? Just like the "ri" tag, basically. > Marco: I don't agree with the use of ARF's "Incidents" count in this > way, because that field is intended to indicate the number of > identical incidents that were aggregated into a single report. If you > want to use that mechanism, it should be clear that only identical > attack incidents should be reported that way. Good point. It's probably gonna be hard to define what exactly an identical incident is. Does an identical 'from', identical 'subject' but different 'to' count as the same incident for example? If this is getting too complicated, I don't mind leaving this part out of the draft altogether. What do you think? Shall I leave it out? Or do you like to propose some alternative text? -- Marco _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc