In response to Seth Blank's call for issues of 9 May 2019: DMARC contains what are really two distinct mechanisms, a reporting mechanism and a policy mechanism. The policy mechanism is largely a request to the verifier about what to do in the event that a message is received that does not comply with policy.
There are domains that would like to receive reports, but whose usage of mail doesn't make it useful to express a policy. Conversely, there are domains that want to express a policy but aren't interested in reports. I'd like to advocate that DMARC be split up into two different documents dealing with reporting and policy separately. If it's useful to have a separate document that defines what it means to be "DMARC-compliant" that is referenced by both, that would be OK. There was a similar situation with MTA-STS which had both a policy and a reporting mechanism, and that was broken into two standards-track RFCs: RFC 8460 (SMTP TLS Reporting) and RFC 8461 (SMTP MTA Strict Transport Security). I consider this to be a relevant precedent. -Jim _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc