On Thu, Sep 24, 2020 at 11:58 AM Dotzero <[email protected]> wrote: > On Thu, Sep 24, 2020 at 12:52 PM John Levine <[email protected]> wrote: > >> Personally, I have no interest in defining this stuff but in practice, >> there are a lot of places where people are instructed to "implement >> DMARC", and it would be nice to encourage them to do more than publish >> a lame SPF record and p=reject. > > > I guess I was under the misimpression that IETF is a technical standards > body, not a marketing organization. Perhaps the working group could come up > with a cute logo and charge people for using it to show their compliance. > Is there another IETF standard that has levels of compliance as a marketing > tool? If organizations or governments instruct people "to implement" DMARC, > I would suggest that the onus is on them to provide better guidance as to > what they require. >
Sarcasm aside, I agree. IMHO, the text in the standards track document(s) shouldn't talk about compliance requirements or participation levels. Standards documents should just talk about how independent implementations interoperate, and any security/privacy implications of doing so. I think talking about the advantages of supporting different optional parts is fine if you want to encourage it, but I think we should resist any implication that you're below the bar if you're not doing <some set of things>. This follows the spirit set out in RFC 2119 Section 6. -MSK, hatless
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
