I believe they MUST contain any aligned DKIM signature regardless of validity and SHOULD contain an entry for each domain, selector, result triple.
Elizabeth > On Jun 21, 2019, at 11:46 AM, John Levine <jo...@taugh.com> wrote: > > In article <7cd366d2-ab8d-cce8-67ff-59b79183c...@tomki.com> you write: >> As mentioned by Elizabeth recently: (Elizabeth please chime in if this >> doesn't capture your meaning) >> >> the spec does not define *which* DKIM signature should be reported in >> the DMARC RUA created by a receiver. The proposed resolution to this is >> that if the receiver does not provide the complete set of DKIM >> signatures found, they should provide (in order of preference) >> 1. a signature which passed DKIM in strict alignment with the From: >> header domain >> 2. a signature which passed DKIM in relaxed alignment with the From: >> header domain >> 3. some other signature that passed DKIM >> 4. some other signature that didn't pass DKIM > > This seeems overcomplex. How about saying the reports SHOULD include > all valid DKIM reports. If they can't, they can't, and I don't see > any benefit in offering advice on how not to comply. > > > > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc