Hello, the purposes of the reports shall be first articulated and then the content of the reports shall be augmented to fulfil the purposes.
* * * Purpose of Aggregate Reports * * *

Some purposes are clarified in the email from Michael Hammer/2019-07-31:

"Having both passes and failures is incredibly useful. The percentage of failures is very useful. Any set of mail streams will always have some failures. Once you know what the baseline rate for a (sub)domain is, simply seeing changes in that rate will help you identify problems. An increase in the failure rate is generally either 1) someone trying to abuse your domain name; or 2) something has gone wrong with DKIM signing or someone associated with the domain organization has started sending mail from somewhere without appropriate SPF or DKIM."

-- The email from Tomki/2019-06-21:

"As mentioned by Elizabeth recently: (Elizabeth please chime in if this doesn't capture your meaning) The spec does not define *which* DKIM signature should be reported in the DMARC RUA created by a receiver. The proposed resolution to this is that if the receiver does not provide the complete set of DKIM signatures found, they should provide (in order of preference)
1. a signature which passed DKIM in strict alignment with the From: header domain
2. a signature which passed DKIM in relaxed alignment with the From: header domain
3. some other signature that passed DKIM
4. some other signature that didn't pass DKIM"

Once the RSA-SHA256 signatures between two sites function properly, the aggregate reports do not allow one to verify that the ED25519 signatures also work correctly. Thus two sites exchanging emails cannot know if switching to only ED25519 signatures will work reliably. With this in mind, a new purpose of the aggregate reports is to allow two sites, having proper RSA-SHA256 implementations, to verify whether the ED25519 implementations are also correct.

-- For what purpose is the envelope sender communicated? My understanding of recent communications is that this information is exchanged; I am not rereading the specification now.
* * * Purpose of Per Message Failure Reports (also known as forensic reports) * * *

My understanding of the purpose of the failure reports is that these can serve only one of two purposes:
* Either verify whether the DMARC/DKIM implementations of sender and receiver match,
* Or spread information about scammer actions
(The concerns about not sending failure reports for privacy reasons apply only to the second case. The concern about not sending reports in the first case is about silencing improper DMARC implementations.)

The case where the implementations match, but the sender forgets to sign messages from its servers, is covered by the aggregate reports, and for fixing this case the aggregate reports provide sufficient information.

Regards
Дилян
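The three uses of aggregate reports discussed in this thread (a failure-rate baseline per Michael Hammer's email, the DKIM-signature preference order proposed in Tomki's email, and the author's suggested per-selector check for an ED25519 rollout) can all be computed from the same RUA XML. The following is an added example, not code from the post or from any DMARC implementation: the report below is constructed sample data in the RFC 7489 Appendix C layout, the relaxed-alignment check is a simplification (parent/child domain relation instead of organizational domains from the Public Suffix List), and the `tolerance` threshold is an assumed value.

```python
"""Added example: tally a DMARC aggregate (RUA) report into a failure rate,
per-selector DKIM pass/fail counts, and the one DKIM result to report when a
receiver does not include them all.  SAMPLE_RUA is constructed sample data."""
import xml.etree.ElementTree as ET

# Constructed sample report: one well-behaved source whose RSA selector passes but
# whose Ed25519 selector fails, and one source that fails DMARC entirely.
SAMPLE_RUA = """<?xml version="1.0"?>
<feedback>
  <report_metadata><org_name>receiver.example</org_name><report_id>1</report_id></report_metadata>
  <policy_published><domain>example.com</domain><adkim>r</adkim><aspf>r</aspf><p>none</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>900</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><selector>rsa1</selector><result>pass</result></dkim>
      <dkim><domain>example.com</domain><selector>ed1</selector><result>fail</result></dkim>
      <spf><domain>example.com</domain><result>pass</result></spf>
    </auth_results>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>100</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>other.example</domain><selector>x</selector><result>pass</result></dkim>
      <spf><domain>bounce.example</domain><result>fail</result></spf>
    </auth_results>
  </record>
</feedback>
"""


def failure_rate(rua_xml):
    """Return (total, failed, failed/total).  A row fails DMARC when neither
    DKIM nor SPF passed under policy evaluation; counts are weighted by <count>."""
    total = failed = 0
    for rec in ET.fromstring(rua_xml).iter("record"):
        row = rec.find("row")
        n = int(row.findtext("count"))
        pe = row.find("policy_evaluated")
        total += n
        if pe.findtext("dkim") != "pass" and pe.findtext("spf") != "pass":
            failed += n
    return total, failed, (failed / total if total else 0.0)


def rate_changed(current, baseline, tolerance=0.02):
    """Flag an increase of the failure rate beyond tolerance above the known
    baseline (tolerance is an assumed value; tune it to the domain's history)."""
    return current > baseline + tolerance


def per_selector_results(rua_xml):
    """Pass/fail message counts per (d= domain, selector).  This is what lets a
    domain see whether its Ed25519 selector verifies while RSA still carries the mail."""
    out = {}
    for rec in ET.fromstring(rua_xml).iter("record"):
        n = int(rec.find("row").findtext("count"))
        for d in rec.find("auth_results").findall("dkim"):
            key = (d.findtext("domain"), d.findtext("selector"))
            tally = out.setdefault(key, {"pass": 0, "fail": 0})
            tally["pass" if d.findtext("result") == "pass" else "fail"] += n
    return out


def alignment(sig_domain, header_from):
    """'strict' when d= equals the From domain, 'relaxed' when one is a parent of
    the other (assumption: real relaxed alignment compares organizational domains
    derived from the Public Suffix List), else None."""
    s, h = sig_domain.lower().rstrip("."), header_from.lower().rstrip(".")
    if s == h:
        return "strict"
    if s.endswith("." + h) or h.endswith("." + s):
        return "relaxed"
    return None


def dkim_signature_to_report(dkim_results, header_from):
    """Pick one DKIM result using the proposed preference order: strict-aligned
    pass, relaxed-aligned pass, any other pass, then any failing signature.
    Each result is a dict with 'domain' and 'result' keys; ties keep report order."""
    def rank(r):
        passed = r["result"] == "pass"
        align = alignment(r["domain"], header_from)
        if passed and align == "strict":
            return 0
        if passed and align == "relaxed":
            return 1
        return 2 if passed else 3
    return min(dkim_results, key=rank) if dkim_results else None


if __name__ == "__main__":
    total, failed, rate = failure_rate(SAMPLE_RUA)
    print(f"{failed}/{total} failed ({rate:.1%}); spike vs 2% baseline: {rate_changed(rate, 0.02)}")
    for key, tally in per_selector_results(SAMPLE_RUA).items():
        print(key, tally)
```

Running the block on the sample shows a 10% failure rate (flagged against a 2% baseline), and the per-selector table exposes that selector `ed1` never verifies even though the same messages pass on `rsa1`, which is exactly the signal the post says today's reports do not make visible.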