On Thu, Aug 19, 2021 at 11:24 AM Todd Herr <todd.herr= 40valimail....@dmarc.ietf.org> wrote:
> > Mail Receiver: To implement DMARC, a mail receiver MUST do the > > following: > > > * Perform DMARC validation checks on inbound mail > > > * Perform validation checks on any authentication check results > > recorded by mediators that handled the message prior to its > > reaching the Mail Receiver. > > > * Send aggregate reports to Domain Owners at least every 24 hours > > when a minimum of 100 messages with that domain in the > > RFC5322.From header field have been seen during the reporting > > period > > Let's discuss... > I'm of the opinion that this last bullet can't be a MUST. I understand that operators in this space really want this to be mandatory, but we are going to run into cases where doing this is difficult or impossible either because of operational difficulties (think resource-constrained environments) or policies ("I am not willing to share any detail about what mail arrives here"). Making this a MUST explicitly disqualifies them. Moreover, I would claim that not generating aggregate reports does not impede interoperability at all, which means use of MUST or even SHOULD here is not appropriate. -MSK, participating only
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc