smtp-sts
SMTP TLS Reporting: report size should be clarified
I think we should have a default report size that should be supported and allow the recipient to specify a larger limit. The "commonly observed receiver limit is ten megabytes" applies to the SMTP method only imho. HTTP POST body size typically needs to be configured on webservers. I believe that a default requirement will prevent silent failures due to oversize reports.
I'm not sure we need this. I think we're unsure how large this will be, but when things are working correctly, the report should be tiny, and if things are bad, they may be large, but that's a good indicator your organization should get things resolved.
If you were to specify a size, where would you like to truncate data? After N items? Try to decide a severity?
10MB max for both email and HTTP POST? Anything that goes beyond the limit should be split into multiple requests.
In general, what I have seen is that unlike DMARC, the report volume is very low.