On Wed, Aug 4, 2021 at 5:32 AM Alessandro Vesely <[email protected]> wrote:
> On Tue 03/Aug/2021 22:42:07 +0200 Todd Herr wrote:
> > - p=quarantine; pct=0: I as a domain owner receiving reports showing
> all
> > mail that I originated except for mail that flowed through
> intermediaries
> > that do From: header rewriting. I can then examine the differences
> in the
> > reports, suss out which intermediaries aren't rewriting the From:
> header,
> > and decide if I care enough about the volume I'm sending to those
> > intermediaries to have it affect my decision to move to a stronger
> > assessment policy.
>
>
> Examining the difference in the reports sounds hard, especially if the
> mail flows and remote operators' settings changed since p=none. As a
> matter of fact, p=none lets a domain learn more about its mail flows,
> since aggregate reports contain DKIM and SPF identifiers of mediators.
>
This is only true if the From: header is not munged. If it's munged to use
the domain of the intermediary, the originator will not see data about the
hop from the intermediary to the reporting destination in its aggregate
reports.
>
> Is that good to know? Certainly, many operators prefer not to see any
> failure in the reports thy receive. Hence p=quarantine; pct=0. Is
> that /all/ operators, or are there any who would like to know about
> indirect mail flows anyway?
> IOW: should we support an option to get aggregate reports even if a
> mediator munged From:?
>
>
I submit that the option is already there...
Imagine the following path for a mail message:
originator --------> From: munging intermediary -------------> final
destination
The "From: munging intermediary" has the ability to do DMARC validation on
messages received from the originator and to generate reports to the
originator by sending them to the address(es) specified in the rua tag of
the originator's sending domain DMARC record.
The "final destination", at the same time, has the ability to do DMARC
validation on messages received from the intermediary and to generate
reports to the intermediary, presuming that that intermediary publishes a
DMARC record for its munged sending domain.
--
*Todd Herr* | Technical Director, Standards and Ecosystem
*e:* [email protected]
*m:* 703.220.4153
This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
