On November 28, 2023 12:36:11 AM UTC, Noel Butler <noel.but...@ausics.net>
wrote:
>On 21/11/2023 20:08, Matus UHLAR - fantomas wrote:
>
>> On 21.11.23 12:06, Noel Butler wrote:
>>
>>> This also depends on how you set DKIM's canonicalization
>>
>> this is a (known) problem of DKIM and playing with DMARC will not solve it.
>>
>>> Anyone using simple/simple should have a DKIM fail and plenty use that
>>> setting, prior to July this year - when I was using this address on file
>>> with Federal Law Enforcement agencies for receiving shall we say certain
>>> formal requests ;) I used fully strict with simple/simple - as earlier
>>> posts on this list would show
>>
>> I agree that DKIM designers messed this up quite much.
>> But again, we are here talking about DMARC.
>
>But they are inter-twined, DMARC just does what DKIM and SPF declare, so any
>perceived DMARC issues *do* include DKIM and SPF
>
>> I believe the issue lies in bad formulation of condition for fo:
>
>> The problem I see is that with "fo=1" it should be reported, even if
>> everything is okay.
>
>Well, if there is a pass and a failure not "everything" is OK.
>Of all DMARC notices I've had its because DKIM failed, and thankfully for me
>at least all of them are list based, its when I start seeing them for non list
>posts that I'll sit up and take notice.
>
>> Perhaps RFC 7489 needs clarification of what exactly needs to be reported
>> and what not.
>
>7489 makes fo=1|s|d clear, perhaps fo=0 could be worded differently, most of
>us, or perhaps just many of us, understand 0 means only if everything fails
>then send a report because thats how I see it and how it seemed to work when
>first ran DMARC until I moved fo=1 because I want to get failure reports -
>remember, not all failure reports go to humans ;)
>
>Generally people who halve some idea of what they are doing don't bother with
>RFC's, perhaps the problem is with the software documentation as that's what
>they tend to go for.
>
An IETF revision to RFC 7489 is pretty far advanced. Anyone can contribute to
the work if you think it needs improvement:
https://datatracker.ietf.org/wg/dmarc/documents/
Scott K
