Closed ietf-svn-bot closed 3 years ago
@todd.herr@valimail.com changed status from new to assigned
@todd.herr@valimail.com set owner to alex_brotman@comcast.com
@todd.herr@valimail.com changed component from dmarc-bis to dmarc-aggregate-reporting
@todd.herr@valimail.com commented
Consensus on the list seemed to be to close this ticket. (Thread had subject "Discussion: Removal of validation for external destinations (Ticket #76)".)
Assigning to Alex, who brought it to the list, for final adjudication.
@alexbrotman@comcast.com commented
Consensus seems to be leave it as is. No one (other than me) suggested we remove it.
@alexbrotman@comcast.com changed status from assigned to closed
@alexbrotman@comcast.com set resolution to wontfix
keyword_policy
keyword_reporting
keyword_reports
keyword_rua
owner:alex_brotman@comcast.com
resolution_wontfix
type_enhancement
by todd.herr@valimail.com
RFC 7489, Section 7.1 mandates verification steps to take in the event that the Organizational Domain for the discovered DMARC policy does not match the Organizational Domain for the host part of the "rua" or "ruf" tag in the discovered policy.
The theory at work here is that bad actors could flood a victim address with reports by generating a large volume of mail that fails DMARC validation checks.
The reality, at least for aggregate reports, is that such reports are only sent once per day in most cases, and it's dubious as to whether or not these verification steps are even performed by some report generators.
Request here is to remove this requirement for rua reports.
Issue migrated from trac:76 at 2022-01-24 16:51:40 +0000
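The external-destination check from RFC 7489, Section 7.1 that this ticket discusses, sketched from the report generator's side as an added example (not part of the ticket and not any project's own code). Assumptions: `org_domain` is a two-label simplification standing in for a Public Suffix List lookup, `lookup_txt` is a hypothetical injected resolver, and the DNS data and addresses are constructed.

```python
from urllib.parse import urlparse

def org_domain(name):
    # Simplification (assumption): keep the last two labels. Real
    # implementations use the Public Suffix List for this step.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def verification_name(policy_domain, rua_host):
    # RFC 7489 Section 7.1: <policy domain>._report._dmarc.<report host>
    return f"{policy_domain.lower()}._report._dmarc.{rua_host.lower()}"

def is_dmarc_record(txt):
    # A usable answer parses as tag=value pairs and begins with v=DMARC1.
    tag, _, value = txt.split(";", 1)[0].partition("=")
    return tag.strip() == "v" and value.strip() == "DMARC1"

def authorized_destinations(policy_domain, rua_value, lookup_txt):
    """Return the rua URIs a report generator may send to.

    lookup_txt(name) returns a list of TXT strings (empty if none); it is
    injected so the example runs offline.
    """
    allowed = []
    for uri in (u.strip() for u in rua_value.split(",")):
        uri = uri.split("!", 1)[0]      # drop the optional size limit
        parsed = urlparse(uri)
        if parsed.scheme != "mailto" or "@" not in parsed.path:
            continue
        host = parsed.path.rsplit("@", 1)[1]
        if org_domain(host) == org_domain(policy_domain):
            allowed.append(uri)         # same organization: no check needed
        elif any(is_dmarc_record(t)
                 for t in lookup_txt(verification_name(policy_domain, host))):
            allowed.append(uri)         # report receiver has opted in
    return allowed

# Constructed DNS data: only reports.example.net authorizes example.com.
CONSTRUCTED_DNS = {
    "example.com._report._dmarc.reports.example.net": ["v=DMARC1"],
}
SAMPLE_RUA = ("mailto:dmarc@example.com, mailto:agg@reports.example.net,"
              " mailto:someone@victim.example.org")

def demo():
    return authorized_destinations(
        "example.com", SAMPLE_RUA, lambda n: CONSTRUCTED_DNS.get(n, []))
```

A destination without the opt-in record is dropped from the send list, which is the behaviour the ticket proposed removing for `rua` and the list chose to keep.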