On 1/25/21 10:02 AM, Seth Blank wrote:
Michael, are you aware of anyone not following the guidance in the document? This thread feels like we're discussing a non-issue. Aggregate reports are already required to be authenticated and I'm unaware of anyone sending failure reports, let along unauthenticated ones. Is the language causing problems? Such problems have not been brought to the list, and would be a good place to start if you want to build consensus.
From the looks of it, it doesn't seem like the security requirements of reporting was ever undertaken. There seems to be a wide range of disagreement even if there was given the thread from which this came. From there is actually text, to don't know if it's an issue, to there hasn't been a problem before (as if that were some sort of barometer), to authentication might inconvenience google, to contradicting your assertion that authentication in the way you mentioned can be done. Since this is going to proposed standard from informational, that is not a very good state of affairs, IMO.
Mike _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
