ietf-dkim

Re: [ietf-dkim] SSP - should r= be localpart only?

2006-02-24 14:29:04

From: "SM" <sm(_at_)resistor(_dot_)net>

What are the report limits?  Is the report-domain paying the validator
to send reports, because if not, it could be pretty costly.

The validator decides whether to send reports or not.  Note that I am
not suggesting that automated reports should be sent or that this tag
should be used for them.

Right, my only point was to highlight necessary wording for the
specification describing the issues related to this tag (r=).

Mainly, in general, domains should neither depend on nor expect validators to honor
this reporting tag unless there is a special "contract" between them to
obtain this valuable feedback.

The specs currently say:

|   r= Email address for reports and inquiries regarding the signing
|      policy for this entity (plain-text; OPTIONAL, default is no
|      contact address available).

Additional text along the following thought process SHOULD|MUST be needed:

       Validators are not obligated to honor this signer reporting tag,
       nor obligated to send reports to the signing domain.

Maybe adding one sentence or short paragraph explaining the security
reasons.

--
Hector Santos, Santronics Software, Inc.
http://www.santronics.com



_______________________________________________
NOTE WELL: This list operates according to 
http://mipassoc.org/dkim/ietf-list-rules.html