First: I note that you did not answer my direct questions. Please consider that when you see that people aren't understanding you.
> I test every message for SPF, aligned SPF, and aligned verified DKIM. With > one exception mentioned below, > I don't block on FAIL, but I do collect data. ... > I cannot imagine why I would give this up to only evaluate the domains that > have given me permission via a > DMARC policy. And here's where we have the disconnect: No one is suggesting that you should not do anything you find useful with the data you collect: no one wants you to give anything up. All we are saying is that when a domain owner does not publish a DMARC policy, anything you choose to do is outside of the DMARC spec, because DMARC is about the policies that domain owners publish. > I think documenting this approach would help a lot of other evaluators and > software developers. An informational document that suggests collecting data they way you're doing it, and documents things you can do with that data... would be a fine thing to write. You may, of course, do so, publish it as an Internet draft, and see if there's agreement to publish it through the IETF. Lacking that, you might get it published through the Independent stream. In any case, I don't see that it has anything to do with the DMARC protocol spec that we're working on now. Barry _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
