On Fri, Aug 17, 2018 at 4:15 AM, Alessandro Vesely <[email protected]> wrote:
> > The DKIM aggregate reports show whether a server signs correctly all > mails or > > not. If the aggregate reports show that this is sometimes (let's say in > 1%) > > not done correctly, the signer has no way to find for which email the > signing > > has not worked and cannot fix the signing software, unless a report for > the > > failing mail is sent with r=y. > > Well, nope. Aggregate reports belong to DMARC. Consider adding a rua= > address > to your DMARC record. Sometimes aggregate reports allow a postmaster to > pin > which message triggered it. If you also set a ruf= address, you might > receive > ARF reports as well. > +1. > I suggest here in to suggest in a more formal manner, that MLMs modifying > a > > message are supposed to remove the r=y part of just invalidated > DKIM-Signature > > and this logic is also applied for ARC, if relevant (I don't know ARC). > Fixing > > only ARC will not help, as there is software that follows DKIM, but has > no idea > > about ARC. > > AFAIK, ARC is not involved in reporting. My feeling is that the whole > topic > now belongs to DMARC's territory. +1. As for rfc6651, it also specifies how to obtain reports for ADSP, which was > moved to Historical status. Unless your experience testifies to a relevant > community traction, I'd propose rfc6651 be moved to Historical status too, > and > its format description be moved to rfc7489bis, whenever it comes about. > OpenDKIM still implements RFC6651 and finds it useful for debugging problems with new implementations, so at least from that perspective I don't think historical status for it is warranted. If an update is needed to cover the issues raised here, that's possibly worth pursuing. -MSK
_______________________________________________ Ietf-dkim mailing list [email protected] https://www.ietf.org/mailman/listinfo/ietf-dkim
