I see your point, but actually empty return-path doesn't guarantee the DKIM/DMARC report to not receive the answer either, because e.g. out-of-office autoreplies usually ignore return-path and send response to RFC5322.Reply-To/RFC5322.From. It's quite common case human-readable mailbox is set as a DMARC reporting address.
I believe, valid recommendations here is to follow RFC 3834 for both sender and recipient, that is, to add Auto-Submitted: auto-generated header (Precedence: bulk may also be used, though not standardized) Recommendation to use empty envelope-from / return-path is doubtful, because this recommendation is usually applied to mail transport-level application and DMARC reporting does not belong to transport level. In practice, this recommendation will increase loop probability for DMARC reports due to quite common SPF misconfiguration. 04.06.2019 16:19, Дилян Палаузов пишет: > Hello Validimir, > > the point is that answers can be sent to the (DKIM) report and > receiving the answers can trigger sending a new report to the address > published in DNS. > > Empty return path prevents sending an answer to the report. > > What to do if a site sends a report that does not validate DMARC/DKIM, > then a new (reverse) report by the other host is sent and this report > again does not validate DMARC/DKIM, so it triggers a new report? This > is a concern of improperly configured site pairs. The target for the > recommendation to use MAIL FROM:<>/NOTIFY=NEVER are properly > configured sites, that deal with improperly configured sites. > > Regards > Дилян > > On June 4, 2019 2:48:32 PM GMT+03:00, Vladimir Dubrovin > <[email protected]> wrote: > > Reports are not sent to Return-Path address, empty return path does not > prevents report from being sent. Actually, report with empty > envelope-from has higher chances to generate a reverse report, because > in this case SPF is checked against HELO and, in practice, many seders > do not have SPF configured for HELO name and SPF failure can trigger a > report. > > 04.06.2019 12:41, Dave Crocker пишет: > > On 6/4/2019 11:27 AM, Дилян Палаузов wrote: > > A DKIM failure report is sent, on which a bounce is generated > > The rule for mail-handling notification messages has been that > they do not contain a return address, in order to avoid > looping. Shouldn't that apply to DMARC reports, too? If not, > why? d/ > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc -- Vladimir Dubrovin @Mail.Ru
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
