On Fri, Apr 12, 2019 at 4:57 AM Scott Kitterman <[email protected]> wrote:
> I think adding a MUST NOT regarding RUF is a good idea. > I think this is a bad idea for two very important reasons: 1) Any gTLD being used as a brand domain (i.e. .google, .microsoft, etc.) may wish to use failure reports on these domains just as they would on their .com's. 2) We wanted this spec to be the *minimum* delta from DMARC possible. That's why we added the third lookup but removed all other items. A MUST NOT for RUF no longer feels like a minimum delta. It also adds extra overhead to any implementation changes needed to test the experiment. We should (and I believe do) make the case in privacy consideration that failure reports for a third lookup is a bad idea. I don't think we need more of this right now. If during the experiment it becomes clear that this guidance is needed, then it can be folded into DMARC 2.0 when everything comes together.
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
