Re: [dmarc-ietf] Recipient domain in aggregate reports (#23)

"Murray S. Kucherawy" <> Sat, 08 May 2021 18:11 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 15D433A0BCA for <>; Sat, 8 May 2021 11:11:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 9kFh-R8EQP_R for <>; Sat, 8 May 2021 11:11:51 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::a36]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 5C6243A0BC7 for <>; Sat, 8 May 2021 11:11:51 -0700 (PDT)
Received: by with SMTP id u205so2577802vke.10 for <>; Sat, 08 May 2021 11:11:51 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=JxAafuz3XRMTlFNM1CvaC2FLGL5PheJ9/0qvcWeXqmc=; b=WKHYXmWgc274BSmjXNxy0Yv06oluj8ShTiVZPKE8o3i0+306F3p4R1TZO0uWx/Laye yB8ydnMlsqaCwqAhG7iS+TvGTMW12HbY3N5sEtfIbdeMQXaA/Uvfupn9flaHibRVrnjy YzMFg1KYTwEOic+9TNO4QRSuGaecfIpCcwz5hN34AoBQ6qmxfpYUDB51toYz8UMDLfJb 3LLTxCsIVOa41jqO4GlUpR+CN9oKwgcukw8YPbBQXsjcwGehfmxHzQx7aXJCKLNaKKBh HeOigGKwqsZ0iMPaO/IUJYJ9R3zf/fHpVIIcHLX+4LeZbYmeE221zFQ/X3F/yLWQ9cv+ n98w==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=JxAafuz3XRMTlFNM1CvaC2FLGL5PheJ9/0qvcWeXqmc=; b=JtdnUShFuhkJHSy4y5JziUAaay0cSVZ6sk85LPfj6lgJIPLTSeKVerseaI7aQtijDs ZtmClmrT3tP665GOM5/s7S6WnaZYakjif+MyCgnAcY3OGCh6Hul2EkDFx9tAw9GHMEMD d8MikoEjFrxMPGhA0zTv872iKkt9n374wGvPuKHIkZXiS/dUyq/kTSCdeM0Xz/Pm7En/ NKr7kM6cqwPxh6VabcLgzZ+482VDVRwUQbgNwqK5g8StzOlnkOKgCvIcnBfGg1IZoOdN nnE41MVBYjadlzM4VeCd+mzKffMIGYvuV55/Sprdvt0Dq1h0GDqmDZVZo/ARhlbPXBd1 QaUg==
X-Gm-Message-State: AOAM530/8HdPn0bXkIIb9QELV8CSTZUTgf5ZeZPOh8h7kYAgCxmsycky 3TI2jKjcQX7a706deBMHSdd9oKNnS8ZdqnS4b7P0fbXUwy4=
X-Google-Smtp-Source: ABdhPJzCTHBKI8B7T6ASM4lty2k0ljuxhWW1zszQ8MClqvwO0WCCRuGB7uWjvNPhPWD8LEVqGXbrK0tgJXXe9GkUEWY=
X-Received: by 2002:ac5:c7a9:: with SMTP id d9mr12423307vkn.5.1620497509504; Sat, 08 May 2021 11:11:49 -0700 (PDT)
MIME-Version: 1.0
References: <20210502203007.2AE156284F0@ary.qy> <> <> <> <> <> <> <> <> <> <> <> <>
In-Reply-To: <>
From: "Murray S. Kucherawy" <>
Date: Sat, 8 May 2021 11:11:36 -0700
Message-ID: <>
To: Alessandro Vesely <>
Content-Type: multipart/alternative; boundary="00000000000069d96605c1d57a6b"
Archived-At: <>
Subject: Re: [dmarc-ietf] Recipient domain in aggregate reports (#23)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 08 May 2021 18:11:56 -0000

On Sat, May 8, 2021 at 7:31 AM Alessandro Vesely <> wrote:

> > - #62 makes reporting mandatory, which leaves the mail receiver with no
> > means to mitigate the privacy threat.

#62 (assuming it has WG consensus) makes it clear we really want reporting
to be mandatory, but at a glance I don't see any "MUST generate" sort of
language in the draft.  It may be in the other draft, but I haven't looked
there yet.  This draft does a pretty firm job of extolling the virtues of
report generation, however.

Personally, I think mandatory reporting wouldn't survive Last Call or IESG
Evaluation.  Even if it did, there's no mechanism to enforce it (i.e.,
operators that don't want to send such reports simply won't, and that's
that), other than maybe industry peer pressure, so I think what's in the
draft is as close as we can get.

Making it mandatory is possible since RFC 8962 established the protocol
> police.

I trust we're all aware of the significance of the publication date of that