On 2/1/2021 5:38 PM, John R Levine wrote:
So I would say that from my small sample, a lot of people have figured out how to send aligned reports,
and, to be thorough, some/alot have not.
either by using their regular signing engines or with an SPF record for the host that sends the reports. On the other hand, for reasons we've discussed that are evident to anyone familiar with DMARC, there's little reason to worry about fake reports, and authentication doesn't help even if there were.
exactly.
If we want to document existing practice, I guess we would say that reports should be authenticated and aligned if practical, but it's OK to send them if not.
exactly. d/ -- Dave Crocker dcroc...@gmail.com 408.329.0791 Volunteer, Silicon Valley Chapter American Red Cross dave.crock...@redcross.org _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc