On Thu, Aug 19, 2021 at 11:24 AM Todd Herr <todd.herr=
40valimail....@dmarc.ietf.org> wrote:
>
> Mail Receiver: To implement DMARC, a mail receiver MUST do the
>
> following:
>
>
> * Perform DMARC validation checks on inbound mail
>
>
> * Perform validation checks on any authentication check results
>
> recorded by mediators that handled the message prior to its
>
> reaching the Mail Receiver.
>
>
> * Send aggregate reports to Domain Owners at least every 24 hours
>
> when a minimum of 100 messages with that domain in the
>
> RFC5322.From header field have been seen during the reporting
>
> period
>
> Let's discuss...
>
I'm of the opinion that this last bullet can't be a MUST. I understand
that operators in this space really want this to be mandatory, but we are
going to run into cases where doing this is difficult or impossible either
because of operational difficulties (think resource-constrained
environments) or policies ("I am not willing to share any detail about what
mail arrives here"). Making this a MUST explicitly disqualifies them.
Moreover, I would claim that not generating aggregate reports does not
impede interoperability at all, which means use of MUST or even SHOULD here
is not appropriate.
-MSK, participating only
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
