So as a consumer of these reports I'd definitely like to see a structured value with as much information as possible.
The ideal would be to get as much information as we'd get if the final receiver had seen the original email directly at i=0. So that would mean:

- SPF Result and SPF domain
- For each DKIM signature on the i=0 email, the result and the domain. This should show all signatures from the original message, regardless of status
- DKIM Selectors - Unfortunately we probably can't get the DKIM signature selectors (because they aren't generally recorded in the Authentication-Results, and so won't be available to downstream hops), but if we can get them, that would be very helpful.

The above will aid in classification and tracking down problems with authentication.

In addition, we probably want to record the # of hops (i.e. i=2)

The proposal above is a good start, but I don't think it handles the multi-DKIM signature case well. Do you have thoughts on how you'd record and propagate information on multiple signatures in the report?

Best,

Peter

On Thu, May 4, 2017 at 3:58 PM, Brandon Long <[email protected]> wrote:

> 6.4.5 in the current spec specifies the following as how to report the
> local_policy override from arc:
>
> <policy_evaluated>
>   <disposition>delivered</disposition>
>   <dkim>fail</dkim>
>   <spf>fail</spf>
>   <reason>
>     <type>local_policy</type>
>     <comment>arc=pass ams=d1.example d=d1.example,d2.example</comment>
>   </reason>
> </policy_evaluated>
>
> The comment is obviously completely unspecified, though maybe some
> inferences can be done... though I'm not sure what it's saying myself.
>
> Are we attempting to dictate the comment? Or is that just an example and
> it could be anything?
>
> If anything, then folks who ingest these may need to look at a bunch, or
> folks may just say arc=pass.
>
> Is the more extensive information useful?
>
> I came up with a random format for use in the comment field for the authres
> header, i.e. something like:
>
> arc=pass (i=2 spf=pass spfdomain=example.com dkim=pass dkdomain=example.com)
>
> (only partially rolled out, most servers are just saying (i=2)) but I'm not
> sure that's useful directly either.
>
> Brandon
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc

--
Bringing Trust to Email
Peter Goldstein | CTO & Co-Founder
[email protected]
+1.415.793.5783
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
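For anyone ingesting these reports, a best-effort reader for the two comment strings quoted in this thread, as an added example (not code from the thread or from any DMARC or ARC specification). Because the comment is unspecified, it only tokenises key=value pairs and assigns them no meaning; the function names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# The <policy_evaluated> fragment quoted in the thread (section 6.4.5 example).
SAMPLE = """<policy_evaluated>
  <disposition>delivered</disposition>
  <dkim>fail</dkim>
  <spf>fail</spf>
  <reason>
    <type>local_policy</type>
    <comment>arc=pass ams=d1.example d=d1.example,d2.example</comment>
  </reason>
</policy_evaluated>"""

# key=value, where the value stops at whitespace or a parenthesis.
TOKEN = re.compile(r"([A-Za-z][\w-]*)=([^\s()]+)")

def parse_comment(comment):
    """Split a free-form comment into key -> list of values.

    Assumption: the comment is a run of key=value tokens, optionally
    wrapped in parentheses, with commas separating multiple values.
    A repeated key accumulates values in order, so nothing is overwritten.
    """
    fields = {}
    for key, value in TOKEN.findall(comment or ""):
        fields.setdefault(key.lower(), []).extend(v for v in value.split(",") if v)
    return fields

def arc_overrides(policy_xml):
    """Return the parsed comment of each local_policy reason that mentions arc."""
    root = ET.fromstring(policy_xml)
    found = []
    for reason in root.iter("reason"):
        if (reason.findtext("type") or "").strip() != "local_policy":
            continue
        fields = parse_comment(reason.findtext("comment"))
        if "arc" in fields:
            found.append(fields)
    return found

if __name__ == "__main__":
    print(arc_overrides(SAMPLE))
    print(parse_comment("arc=pass (i=2 spf=pass spfdomain=example.com "
                        "dkim=pass dkdomain=example.com)"))
```

With a flat key=value comment, two DKIM signatures can only be told apart by the order in which repeated keys appear, which is the multi-signature gap raised in the reply above.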
