On Mon, Aug 18, 2025 at 9:09 AM Todd Herr <[email protected]> wrote:
> On Mon, Aug 18, 2025 at 8:16 AM Dotzero <[email protected]> wrote: > >> >> On Mon, Aug 18, 2025 at 6:04 AM Alessandro Vesely <[email protected]> wrote: >> >>> Hi, >>> >>> I'd modify the last sentence of the 2nd paragraph like so: >>> >>> NEW >>> Failure reports are normally generated and sent almost immediately >>> after the Mail Receiver detects a DMARC failure. Rather than waiting >>> for an aggregate report, these reports are useful for quickly >>> notifying the Domain Owners when there is an authentication failure. >>> Failure reports also provide more information about the failed message >>> than is available in an aggregate report. This allows the failure >>> report consumer to determine with certainty whether the failure is due >>> to an infrastructure problem or the message is illicit. >>> >>> >>> Failure reports are normally generated and sent almost immediately >> after the Mail Receiver detects a DMARC failure. Rather than waiting >> for an aggregate report, these reports are useful for quickly >> notifying the Domain Owners when there is an authentication failure. >> Failure reports also provide more information about the failed message >> than is available in an aggregate report. This allows the failure >> report consumer to better determine whether the failure is due >> to a Sender/path problem or the message is from an unrelated origin and >> potentially malicious. >> >> > I'd propose language that's a bit more neutral (ALL CAPS for emphasis): > > Failure reports are normally generated and sent almost immediately > after the Mail Receiver detects a DMARC failure. Rather than waiting > for an aggregate report, these reports are useful for quickly > notifying the Domain Owners when there is an authentication failure. > Failure reports also provide more information about the failed message > than is available in an aggregate report. This allows the failure > report consumer to better determine whether the failure is OF A > MESSAGE THAT THE DOMAIN OWNER INTENDED TO AUTHENTICATE > OR ONE FOR WHICH USE OF ITS DOMAIN WAS NOT AUTHORIZED. > > -- > Todd Herr > Some Guy in VA LLC > [email protected] > 703-220-4153 > Todd, I think your wording is an improvement. I support this change. Michael Hammer
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
