Well, I think that would depend on the use case, would it not?. I've got one server and Google Apps, everything signs with DKIM, and SPF is configured correctly. I don't really have any edge cases to look out for -- no other outsource service providers in the mix. The rare (for me) failed message forensic reports provide feedback about other peoples' broken mailing lists (and maybe someday examples of forgery, if somebody forges my domain). In that scenario, I'm getting a daily "everything is OK" aggregate report from Google and a few others that is of low value to me. I could either set a filter to delete those reports, or I modify my DMARC record to stop requesting them. Either way, this is reversible in the future.
For an ISP or corporate entity, I would be more inclined to agree with you. Somebody in another department could set up with some other service provider that handles some form of email messaging without enabling proper authentication and you'd want to be able to catch that, and summary (aggregate) information from the big guys would help immensely. So I do get your point, but it doesn't see to fit my use case. Cheers, Al Iverson On Sun, May 27, 2018 at 11:18 AM Vladimir Dubrovin <dubro...@corp.mail.ru> wrote: > Aggregated report contain all information, including SPF/DKIM/DMARC > failures, but it doesn't contain forensic information (e.g. failed > message Subject). Aggregated reports are supported by almost all large > ESPs, so, if you have some troubles you will probably see it in > aggregated report. > Forensic report contains information about individual message failing > SPF/DKIM/DMARC with some details (forensic information) regarding this > message, e.g. message headers. The problem is there are very few peers > sending forensic reports, so you may receive some reports, but should > not expect to receive forensic reports in the case of failure. > If you do not receive aggregated reports there is a very high chance to > have configuration problem without noticing it. > 27.05.2018 17:43, Al Iverson via dmarc-discuss пишет: > > In a DMARC record, I see that rua= specifies the address to which aggregate > > feedback is to be sent, and ruf= specifies the address to which > > message-specific forensic information is to be reported. > > > > I'm just a tiny bit confused about terminology-- could somebody confirm for > > me that I'm thinking of this correctly? I prefer only to receive failure > > reports at this time. I don't want to receive summary reports telling me > > that everything is AOK. That suggests to me that I should remove the rua > > field but leave the ruf field. > > > > Have I got that right? > > > > Thanks, > > Al Iverson > > > -- > Vladimir Dubrovin > @Mail.Ru -- al iverson // wombatmail // miami http://www.aliverson.com http://www.spamresource.com _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)