On Tue 04/Nov/2025 18:21:48 +0100 Murray S. Kucherawy wrote:
On Wed, Oct 29, 2025 at 11:22 AM Alessandro Vesely <[email protected]> wrote:
The points I quote below below seem to depend on an interpretation of fo=,
which took me quite quite a while to understand.
That's not a good sign ...
At times I'm pretty slow :-/
5. In Section 2, replace Paragraph 4 with:
When a Domain Owner requests failure reports for the purpose of
forensic analysis, and the Mail Receiver is willing to provide such
reports, the Mail Receiver generates and sends a message using the
format described in [RFC6591] but as modified in Section 4 of this
document.
The Mail Receiver may want to generate a DKIM report, possibly after
reading fo=d. In this case, the modifications in Section 4 should be
ignored. Instead, they should use the ARF extension defined in RFC 6591
only.
If this interpretation is correct, citing RFCs 6651/2 is incorrect. These
documents specify how to /request/ DKIM or SPF failure reports, not their
format.
They do stipulate that the format to be used is the ARF format.
The question is if DMARC report generators can decide which flavor of ARF
formato to use.
8. Also in Section 3, some explanation of why that RECOMMENDED is there
would be good to include (or remove it if we can't justify it in terms of
interoperability).
The main reason is that the methods defined in RFCs 6651/2 are almost
never used. Their use is considered an error by most DKIM/ SPF syntax
checkers.
The sentence we're talking about is:
"Report Consumers are RECOMMENDED to consolidate their requirements into a
single DMARC Policy Record."
What this is telling me (I think) is that it's a really good idea for
interoperability or security for sending domains to make a request for
DMARC failure reports and not to request DKIM or SPF reports. It doesn't
tell me why, and doesn't say anything about RFC 6651/6652 being not
preferred by contemporary operators, or why that might be.
I wanted a sentence after "Report Generators are free to follow any of the
specifications", meaning they can generate reports after 6651/2 or _dmarc's
ruf= alike. Needless to say, but doesn't hurt.
I think if those RFCs have just fallen into disuse, then this RECOMMENDED
is misplaced; we don't need to force that point if the market has already
made that determination. I also think that someone choosing to deviate
from that advice and use everything doesn't cripple the protocol or its
interoperability.
I just slashed it
https://github.com/ietf-wg-dmarc/draft-ietf-dmarc-failure-reporting/commit/9bea33f10040047e3708f508f51d4719de248c9b
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
