On Sat, Feb 17, 2018 at 3:49 AM, John Levine <jo...@taugh.com> wrote:
> Seems fine, although I've long found 7601 one of the most mysterious RFCs
> ever published.
Why's that? (And why wasn't this mentioned when 7601 or any of its
antecedents was in last call? No errata?)
> The IANA registry says that there is a dkim header.i property defined
> in RFC7601, but the only place it appears in 7601 is in examples in
> Appendix B.
DKIM results are reported using a ptype of "header". The property,
however, represents one of the tags found in the DKIM-Signature
header field rather than a distinct header field.
So "header.d" means the d= tag, "header.i" means the i= tag, etc. Those
are the only two identifiers DKIM evaluates, so they're the only ones that
were ever registered.
7601bis loosens the language about what's appropriate to send downstream,
from being only authenticated identifiers to also allowing other related
stuff that downstream agents might want to use or log. That means things
like "s" and "a" are now in play.
Section 2.4 says that a "policy" property is how you report a local
> policy that overrides the regular result, but I see policy=reject in
> reports about DMARC where it's just copying the p= from the _dmarc
> record. Is that right? If not, where if anywhere should it be
That would be "dmarc=fail policy.dmarc-rules=arc-failure", where
"dmarc-rules" and "arc-failure" are things the rejecting operator is free
to invent for its own records.
dmarc mailing list