Hello, for a smooth working DMARC DKIM signers and verifiers must be interoperatable. When a server DKIM-signs a message and sends it to another server without intermediates, the latter shall be able verify the signature. Imagine, the DKIM validation fails and the ruf= dmarc report email address points to the sending server.
What are the privacy concerns in this simple scenario that speak against sending a DMARC/DKIM report to sending server, telling that the DKIM validation fails? https://tools.ietf.org/html/rfc7489#section-9 mentions some privacy thoughts, but these are not applicable when the sending server obviously has already the reported message and no intermediates are involved, that could expose additional information. Regards Дилян _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
