Hello,

will there be any concerns about sending slim forensic DMARC reports (ruf=) on failed DKIM validation, if

* between sender and recipient there are no intermediates/aliases/redirecting providers,
* the third MIME part of multipart/report is cut (contrary to https://tools.ietf.org/html/rfc5965#section-2 bullet d), and
* in the message/feedback-report part
  - either the Original-Envelope-Id is included,
  - or Original-Message-Id is included (where Original-Message-Id will be defined to be the Message-Id of the message that is reported)?

The Original-*-Id identifiers do not expose privacy information, but let the sending server identify for which message the DKIM signing/validation does not match. Whether the sending user has deleted the message in the meantime does not matter.

Knowing which message is problematic is a huge improvement compared to the current situation. First, the sender can validate with different implementations whether they all produce the same signature for that message. Second, if the message in question is sent over a mailing list, the From: was changed by the MLM, and the DKIM signature was added after the mail left the MLM but before leaving the MLM mail server, then this very message is likely to be distributed to several mail providers. If one provider does not validate the signature, and the other providers validate the signatures (or all mail providers do not validate), then somebody can take some actions so that the cause for the failure is resolved and does not happen again in the future. A clear plus for all DMARC users.

Regards
Дилян

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
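The report shape proposed above, as an added example that is not part of the original post: a receiver builds a two-part multipart/report without the original message, and the sender maps it back to its own outbound log. The addresses, User-Agent value, log contents and function names are constructed, and Original-Message-Id is the field the post proposes, not one defined by RFC 5965.

```python
from email import message_from_string
from email.mime.multipart import MIMEMultipart
from email.mime.nonmultipart import MIMENonMultipart
from email.mime.text import MIMEText

def build_slim_report(message_id, dkim_domain, selector):
    """Receiver side: multipart/report with two parts, original message omitted."""
    report = MIMEMultipart("report", report_type="feedback-report")
    report["From"] = "dmarc-noreply@receiver.example"   # constructed address
    report["To"] = "ruf@" + dkim_domain                 # constructed ruf= target
    report["Subject"] = "DKIM failure report"
    report.attach(MIMEText("DKIM verification failed for one message.\n"))
    fields = MIMENonMultipart("message", "feedback-report")
    fields.set_payload(
        "Feedback-Type: auth-failure\n"
        "User-Agent: example-verifier/1.0\n"
        "Version: 1\n"
        "Auth-Failure: signature\n"
        f"DKIM-Domain: {dkim_domain}\n"
        f"DKIM-Selector: {selector}\n"
        # Field proposed in the post; not defined by RFC 5965.
        f"Original-Message-Id: {message_id}\n"
    )
    report.attach(fields)
    return report.as_string()

def feedback_fields(part):
    """Return the feedback-report fields as a header block."""
    body = part.get_payload()
    if isinstance(body, list):   # stdlib parses message/* bodies as nested headers
        return body[0]
    return message_from_string(body)

def locate_failed_message(report_text, sent_log):
    """Sender side: map a slim report back to the outbound-log record."""
    report = message_from_string(report_text)
    parts = report.get_payload()
    if report.get_content_type() != "multipart/report" or len(parts) != 2:
        raise ValueError("not a slim two-part report")
    fields = feedback_fields(parts[1])
    if fields["Feedback-Type"] != "auth-failure":
        raise ValueError("not an auth-failure report")
    message_id = fields["Original-Message-Id"]
    return message_id, sent_log.get(message_id)   # None: unknown or expired id

# Constructed outbound log: Message-Id -> what the sender kept about the message.
SENT_LOG = {"<20200101.1@lists.sender.example>":
            {"queue_id": "4A1B2C", "selector": "s2020", "via_mlm": True}}
```

The sender needs only its own log to act on the report; no header or body content of the reported message travels back.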
