On Mon 30/Jun/2025 22:04:57 +0200 Dotzero wrote:
On Mon, Jun 30, 2025 at 2:45 PM Murray S. Kucherawy <[email protected]> wrote:
On Fri, Jun 27, 2025 at 7:06 PM Dotzero <[email protected]> wrote:
For mail originating in complex environments RUF can be very useful.
For example, I've seen mail DKIM signed by a mail server and then the
signature is broken by another server at the edge. Another example is a
mail server DKIM signing with broken signatures but it is one of a
number of servers (the others signing correctly) in an outbound VIP on
a load balancer.>>
Wouldn't DKIM error detection satisfy the need in this situation? Why do
we need failure reporting at both levels?
DMARC still includes SPF. Why would you include failure reporting for one
class of failure (DKIM) and not the other (SPF)? Illogical.
The current definition of ruf=, in the main draft, seems to comprehend RFCs
6651/2, although both have their own mechanisms for requesting reports. To say
that basically nobody sends them would apply rather to those mechanisms than to
DMARC's ruf=. Albeit less honored than rua= requests, failure reports are
still the most successful of all the RFC 5965 derived instances, IME.
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
