Olivier Hureau wrote on 2023-10-25 12:56:
What about using the error report of RFC 7489 for this purpose instead of the aggregate report? (https://datatracker.ietf.org/doc/html/rfc7489#section-7.2.2)

I have never seen any error report, but I think that error reports were a great idea because they can advertise the domain owner (through the valid URI) for any failing external destination verification. We could also use the error reports to report any syntactic errors in the record, which could also be useful, in my opinion.

As error reports have never gotten any traction, it would be a big effort to make this work. Reusing the existing ecosystem of aggregate reports is lower-hanging fruit. Tools and processes are established and even the aggregate report format supports it already.

However, it needs to be well defined to avoid sending too many unsolicited messages (Usenix 2023: You've Got Report: Measurement and Security Implications of DMARC Reporting <https://www.usenix.org/conference/usenixsecurity23/presentation/ashiq>). Sending error reports only to domains under the authority of the Domain Owner would solve the issue.

I believe aggregate reports have already addressed this issue (Verifying External Destinations).

Regards,
Matt

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc