Re: [dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-20 Thread Alessandro Vesely
On Thu 19/Aug/2021 20:23:50 +0200 Todd Herr wrote: Greetings. Opening a discussion on two tickets at once, because I think they're related, especially as presented in the current revision of DMARCbis. Both topics are addressed in Section 8, Minimum Implementations, which currently reads in its

Re: [dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-19 Thread Murray S. Kucherawy
On Thu, Aug 19, 2021 at 1:50 PM Dotzero wrote: > I'm troubled by this whole section. Unless IETF is getting into the > certification or enforcement business, documenting anything about > "implementation claims" would seem to be a non-starter. Do we have any > similar requirements for "claims"

Re: [dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-19 Thread John Levine
It appears that Todd Herr said: > flows for the domain or sub-domains. It is not yet ready to commit > to conveying a severity of concern for unauthenticated email using > its domain. That's just wrong. I've looked at the numbers, and p=none perfectly communicates my level of concern.

Re: [dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-19 Thread Dotzero
I'm troubled by this whole section. Unless IETF is getting into the certification or enforcement business, documenting anything about "implementation claims" would seem to be a non-starter. Do we have any similar requirements for "claims" about implementing SMTP, DNS or other standards? We should

Re: [dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-19 Thread Todd Herr
On Thu, Aug 19, 2021 at 3:53 PM Brotman, Alex wrote: > I also feel like the document needs a better definition of Mediator (I > didn’t see one in the document). > It's implied/inferred from this text in Section 3.1, Conventions Used in This Document: Readers are encouraged to be familiar

Re: [dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-19 Thread Brotman, Alex
I tend to agree on that last Receiver bullet being unenforced. If I had to choose between an organization deploying DMARC without reporting, or holding up on deploying DMARC because they can’t provide reporting for X,Y,Z reasons .. I’m choosing the former. Does it potentially leave a hole in

Re: [dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-19 Thread Murray S. Kucherawy
On Thu, Aug 19, 2021 at 11:24 AM Todd Herr wrote: > >Mail Receiver: To implement DMARC, a mail receiver MUST do the > >following: > > >* Perform DMARC validation checks on inbound mail > > >* Perform validation checks on any authentication check results > > recorded by

[dmarc-ietf] Ticket #66 (Define What It Means to Have Implemented DMARC) and #62 (Reporting a MUST)

2021-08-19 Thread Todd Herr
Greetings. Opening a discussion on two tickets at once, because I think they're related, especially as presented in the current revision of DMARCbis. Both topics are addressed in Section 8, Minimum Implementations, which currently reads in its entirety: 8. Minimum Implementations Domain