On Oct 25, 2023, at 3:57 AM, Olivier Hureau <olivier.hur...@univ-grenoble-alpes.fr> wrote:
On 25/10/2023 08:10, Steven M Jones
wrote:
It's not so much changing the handling as changing the
reporting.
*
The policy to apply is "none," because the p/sp/np value was
faulty. Done.
* Next step, if there's no "rua" target you can't report
- which is now equivalent to bailing out of DMARC processing for
this message.
I am not fan of this exceptions, it breaks the ABNF ... 'A
DMARC policy record MUST comply
with the formal specification found in Section
5.4
'
The record 'v=DMARC1; p=foobar;
rua=mailto:r...@example.com' does not comply with the formal
specification (ABNF rule dmarc-request)
Furthemore, 'mailto://example.com' is a valid URI according to
RFC3986. If we take into consideration the record 'v=DMARC1;
p=foobar; rua=mailto://example.com' : a 'rua' tag is present and
contains at least one syntactically valid reporting URI (no need
to have a mailto). Who are we going to send the reports specifying
the errors?
What about using the error report of RFC 7489 for this purpose
instead of aggregate report? (
https://datatracker.ietf.org/doc/html/rfc7489#section-7.2.2 )
I have never seen any error report but I think that error reports
were a great ideas because they can advertise the domain owner
(through the valid URI) for any failing external destination
verification
We could also use the error reports for to reports any syntactic
errors in the record could be also useful, in my opinion.
Email is not dead! Now the bad news: error reports (commonly called failure or forensic reports are not long for this world. The only major MBP that I see failure reports from is Yahoo. I’m not advocating eliminating failure reports altogether as when one of these mythical creatures appears they can be very useful. But I wonder if Yahoo discusses stopping failure reports then failure reports would be far less useful. I do understand the PII concerns.
My point is that the concept of failure reports sounds good in theory but I’d say we are in irons now with a decent chance of running aground. It might be an opportune time to rethink the failure report. I don’t know.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
|
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
