On Fri, 2019-10-25 at 13:49 -0400, John Levine wrote:
> In article <[email protected]> you write:
> > What are the purposes of the aggregate and non-aggregate reports? What are
> > non-goals? I asked several times here, nobody answered. Perhaps a
> > discussion on the goals and non-goals would help.
>
> As far as I know, the point of DMARC reports is to help domain owners
> understand who is sending mail that purports to be from them. In a
> large organization it can be remarkably hard to track down every mail
> server in every department or every subcontractor that might be sending
> real mail with the domain in the From: header.
>
> The domain owners use the reports to do things like update SPF records
> to include all of the sending hosts, update server configs to add DKIM
> signatures, or to fix servers that are adding invalid signatures, and
> often to shut rogue servers down that shouldn't have been sending mail
> in the first place.
>
An additional purpose of the aggregate reports, currently missing but should be present in the future, is to permit the domain owner to migrate from one software for DKIM signing to another software and from one type of signatures to another type of signatures (RSA→ED25519), allowing smooth transition.

I mean: A domain owner uses software A for DKIM signing with a=rsa-sha256; when communicating to site B. This works reliably, as demonstrated by the aggregate reports. If the domain owner wants to check if software C also works reliably, when communicating to site B, the domain owner has to use software A and software C at the same time for signing (with different selectors). The aggregate reports shall show if software C (the other selector) causes any problems, while software A continues to sign the messages.

The other use case is when software A continues to sign the messages, but in addition adds a=ed25519 signatures. There must be a way to evaluate, looking in the aggregate reports, if ed25519 between both sites works reliably, while rsa-sha256 does not cause any problems.

This was previously raised on this list (Subj: spec nit - which DKIM to report, From: Tomki, on 21st June), I just want to make clear that this belongs to the purpose the aggregate reports should have.

Regards
Дилян
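The per-selector comparison described in the message above, as an added example that is not part of the original post: it tallies DKIM results by selector from one aggregate report. It assumes the reporter lists every signature it evaluated and uses un-namespaced RFC 7489 element names; the selector names and counts are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample, not a real report. Element names follow the RFC 7489
# aggregate schema; selector names are made up. Un-namespaced XML is assumed.
SAMPLE_REPORT = """<feedback>
<record><row><source_ip>192.0.2.10</source_ip><count>40</count></row>
 <auth_results>
  <dkim><domain>example.org</domain><selector>a-rsa</selector><result>pass</result></dkim>
  <dkim><domain>example.org</domain><selector>c-ed25519</selector><result>fail</result></dkim>
 </auth_results></record>
<record><row><source_ip>192.0.2.11</source_ip><count>5</count></row>
 <auth_results>
  <dkim><domain>example.org</domain><selector>a-rsa</selector><result>pass</result></dkim>
  <dkim><domain>example.org</domain><selector>c-ed25519</selector><result>pass</result></dkim>
 </auth_results></record>
<record><row><source_ip>192.0.2.12</source_ip><count>3</count></row>
 <auth_results><dkim><domain>example.org</domain><result>pass</result></dkim></auth_results></record>
</feedback>"""

def dkim_results_by_selector(xml_text):
    """Return {(domain, selector): {result: message_count}} for one report."""
    # Reports are third-party input: refuse DTDs and entity declarations.
    if "<!DOCTYPE" in xml_text:
        raise ValueError("DOCTYPE not allowed in aggregate report")
    tally = defaultdict(lambda: defaultdict(int))
    for record in ET.fromstring(xml_text).iter("record"):
        count = int(record.findtext("row/count", default="0"))
        for dkim in record.iterfind("auth_results/dkim"):
            domain = (dkim.findtext("domain") or "").strip().lower()
            # <selector> is optional in the schema; keep such rows visible
            # instead of silently merging them into another selector.
            selector = (dkim.findtext("selector") or "").strip() or "(not reported)"
            result = (dkim.findtext("result") or "none").strip().lower()
            tally[(domain, selector)][result] += count
    return {key: dict(results) for key, results in tally.items()}

def failing_selectors(tally):
    """Selectors that had at least one message with a non-pass DKIM result."""
    return sorted(sel for (_, sel), results in tally.items()
                  if any(r != "pass" for r in results))

if __name__ == "__main__":
    for key, results in sorted(dkim_results_by_selector(SAMPLE_REPORT).items()):
        print(key, results)
```

The schema has no field for the signature algorithm, so rsa-sha256 and ed25519 signatures can only be told apart here when they use different selectors.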
