> -----Original Message----- > From: John Levine [mailto:[email protected]] > Sent: Tuesday, October 11, 2011 9:11 PM > To: [email protected] > Cc: Murray S. Kucherawy > Subject: Re: [marf] New Version Notification - > draft-ietf-marf-authfailure-report-03.txt > > This draft is a great improvement. > > I would strongly suggest changing the text to say there must be exactly > one authentication-results header in the report. If there's more than > one, particularly if there are multiple DKIM failures, there's no way > to tell which other parts of the report go with which a-r header. > > Note that multiple DKIM failures could easily have multiple reported domains, > multiple auth-failure, dkim-domain, dkim-identity, dkim-selector, > dkim-canonicalized-header, and dkim-canonicalized body. (Remember that > there are two different ways to canonicalize each.) > > Rather than inventing complex rules about which item goes with which > report, if you have three failures, send three reports.
An Authentication-Results field can list several different DKIM failures if the message was multiply defined. That makes the other DKIM-* fields important, as they make it clear which one the report is covering. It would be easy to group repeated DKIM-* fields together, separated by blank lines, to allow relaying DKIM forensics about each, but separately. Is that too complex? _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
