On Mon 25/Jan/2021 19:01:28 +0100 John Levine wrote:
In article <63451726-124b-c24f-3be1-d6435e12c...@tana.it> you write:
OLDER:
These reports SHOULD include the "call-to-action" URI(s) from inside
messages that failed to authenticate.
Well, you can guess where that came from.
Should we mention fraudster takedowns among the purpose of failure reports?
NEW:
These reports SHOULD include as much of the message and message header
as is reasonable to support the Domain Owner's investigation into what
caused the message to fail authentication and track down the sender,
unless privacy reasons suggest otherwise.
I'd strip it down more.
These reports should include as much of the message header and body as
possible, consistent with the reporting party's privacy policies, to
enable the Domain Owner to diagnose the authentication failure.
committed.
The "should" is deliberately lower case since it's not something you can
describe mechanically.
Someone will question it anyway, I'd guess.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
