On a technical note, “0” and “1” generate DMARC failure reports, while “d” produces a DKIM failure report and “s” produces an SPF failure report. They are slightly different in content (and specification). Technically, I suppose “0:d:s” could produce one of each. That is, to put it mildly, ugly. Maybe this needs more than a simple ABNF discussion?
-- Les On Mon, Jun 6, 2022 at 3:49 PM Olivier Hureau <olivier.hur...@univ-grenoble-alpes.fr<mailto:olivier.hur...@univ-grenoble-alpes.fr>> wrote: >> dmarc-fo = "fo" *WSP "=" *WSP ( "0" / "1" / ( "d" / "s" / "d:s" / >>"s:d" ) ) >>What about domain owner that have a value that is not listed there ? ex: >>"1:d" or even "1:d:s" ? (4.59% of explicit fo tags, from my measurements) >Even though RFC 7489 allowed them, values such as "1:d" (generate a failure >report if any auth mechanism failed or if DKIM failed) or "1:d:s" (any, dkim, >spf) make no sense, because 1 implies d and s. >I'd rather see the description of the "fo" tag cleaned up to stress this.
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc