Al,
Note that the terminology changed a while back from forensic reports to
failure reports, presumably to remove the confusion that the use of the
term forensic invites[1].
You've not stated what action you intend to take in response to the
receipt of a failure report, so it's a little
Well, I think that would depend on the use case, would it not?. I've got
one server and Google Apps, everything signs with DKIM, and SPF is
configured correctly. I don't really have any edge cases to look out for --
no other outsource service providers in the mix. The rare (for me) failed
message
Aggregated report contain all information, including SPF/DKIM/DMARC
failures, but it doesn't contain forensic information (e.g. failed
message Subject). Aggregated reports are supported by almost all large
ESPs, so, if you have some troubles you will probably see it in
aggregated report.
In a DMARC record, I see that rua= specifies the address to which aggregate
feedback is to be sent, and ruf= specifies the address to which
message-specific forensic information is to be reported.
I'm just a tiny bit confused about terminology-- could somebody confirm for
me that I'm thinking of