This is a list of recommendations, collated from the sections of this guide.

From the Discovery section:
Even if the inbox URI was previously known to the sender, '(re)discover' the inbox URI either on every operation or, at least, periodically.

COAR Notify workflows should be registered in the COAR Notify Catalogue.

From the Security section:
Early adopters should consider protecting the inbox by white-listing IP addresses of trusted systems. This is a temporary recommendation while good practice for more sophisticated forms of protections is worked out.

From the Signposting section:
COAR Notify workflows should use the protocol to discover related resources.