----- Original Message ----- > From: "Murray S. Kucherawy" <superu...@gmail.com> > To: dmarc@ietf.org > Sent: Tuesday, January 21, 2014 12:55:26 PM > Subject: [dmarc-ietf] Limiting what goes in aggregate reports
> I've received a feature request for OpenDMARC to limit what goes into > aggregate reports. Specifically, the suggestion is not to store any data > regarding messages that pass the DMARC test and thus only report on things > that fail. > I don't believe the current specification says anything requiring that all > messages be recorded, so I think this wouldn't violate the specification, > but it might violate the spirit of what was intended or what's desirable to > Domain Owners. > Comments? I think it is starting to build too much complexity in what receivers must do to generate aggregate reports. We should keep it light for receivers, it is up to senders to process the data. It seems important to me to be able to look at the ratio pass/fail to know if you have a phishing problem, or if you have something in your infrastructure that would reject too many good emails, compared to your phishing problem, if you move to an active policy. I think the spec should indicate, if not done already, that the receiver SHOULD(MUST?) report all emails in the aggregate report, but if people decide to go for this proposed option then at least notify it dumped some certain categories. However if you don't have the report of emails that pass, how do you find sending IPs that may have your DKIM key? So I'm not for limiting what goes in aggregate reports.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc