This draft is a great improvement. I would strongly suggest changing the text to say there must be exactly one authentication-results header in the report. If there's more than one, particularly if there are multiple DKIM failures, there's no way to tell which other parts of the report go with which a-r header.
Note that multiple DKIM failures could easily have multiple reported domains, multiple auth-failure, dkim-domain, dkim-identity, dkim-selector, dkim-canonicalized-header, and dkim-canonicalized body. (Remember that there are two different ways to canonicalize each.) Rather than inventing complex rules about which item goes with which report, if you have three failures, send three reports. R's, John _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
