On Fri 12/Sep/2025 08:56:25 +0200 Steven M Jones wrote:
I'll take another look at -15 in the morning, but in section 7.1, second
paragraph, end of the last sentence: the substitution of "path" for "domain" is
confusing. I suppose it's probably just me, but bear with me just in case.
I was planning to report these minor substitutions:
s/contracts with an entity/sends reports to an entity/
s/using the wrong sending domain/using the wrong sending path/
s/By report providers:/By report generators:/
But then they seemed so minor...
The section is about data exposure. How is the data exposed via failure
reports? When somebody uses the wrong domain in the rfc5322.From, not because
they routed the message through the wrong MX or forwarding intermediary, or
made a TCP connection through the wrong routers. What's the reason for not
using "domain" here?
Perhaps I misunderstood the meaning of the last clause, as I identified the
sending domain with the to-be-authenticated domain. I thought the clause meant
that the message wasn't properly signed because it was sent through the wrong
MTA, and thus (unexpectedly) reported. The following paragraph seems to be an
example of this.
Indeed, data is exposed whenever the message is reported.
If the sense of that clause is the rfc5322.From domain, it should be written
that way. Are we talking about messages which are mistakenly or accidentally
abusive?
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
