If it is deprecated because people do not use it, or deprecated because something better has taken its place, then we are in our lane.
When we deprecate something because we think other people should not be using it, we have a very high burden. We are at minimum expressing our judgement that we know their interests better than they know their own, which is the spirit of Internet policing. I find the privacy concerns much less worrisome than the group consensus. There is so much evidence that email privacy has been lost that this postulated loss vector is as trivial as it is speculative. It is appropriate to document the issue, because report senders need to be cognizant of how their regulatory environment affects their ability to participate. But beyond that, requesting and sending reports is voluntary on both ends. Collectively, I see no justification for inserting ourselves into that decision process I find the potential denial of service risk a much greater obstacle to participation, but this document also does a good job of documenting that risk and seeing to mitigate it. Doug On Sun, Jun 29, 2025, 2:05 PM Murray S. Kucherawy <[email protected]> wrote: > On Fri, Jun 27, 2025 at 11:37 AM Douglas Foster < > [email protected]> wrote: > >> My position is that any attempt to deprecate failure reporting is an >> attempt to be the Internet police, which many have said is not our job. >> > > I don't know how you can make that connection. If we remove failure > reports from DMARC, they simply are excluded from the standard. Nobody is > forcing anyone using them today to stop. And RFC 7489 isn't going to be > unpublished, so there's still something to reference. > > -MSK > >
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
