On Wed 03/Sep/2025 06:10:20 +0200 Steven M Jones wrote:
On 8/29/25 10:50, Alessandro Vesely wrote:
Privacy aside, RFC 5965 provides for having "Original-Rcpt-To" fields in
message/feedback-report. Linkedin uses them. Currently, Original-Rcpt-To's
are missing from the example in Appendix A. I'll add some.
You cited RFC5965, but aren't we building off of RFC6591 in Section 4? That
spec doesn't mention Original-Rcpt-To: - though it does mention Original-
Envelope-Id and Original-Mail-From:, so it seems safe to say they knew it was
available if they wanted it.
RFC6591 /extends/ RFC5965. It adds some new fields and modifies the
requirements of some of the original fields. The remaining fields are
unchanged and retain the same name and requirements. User-Agent:, for example,
is treated similarly; RFC6591 doesn't mention it except in the example.
See also:
https://www.iana.org/assignments/marf-parameters/marf-parameters.xhtml
I don't think the OpenDMARC milter includes that header by default, and
looking at historical reports, it doesn't look like Hotmail or NetEase
included it either.
It is optional, so they don't need to include it. Linkedin uses it, so I know
Frank Martin is subscribed to this list (for another example of how private
data is leaked; Original-Rcpt-To is just one of the three places in a report
where his email address appears.)
Even if the consensus is that we wanted to include Original-Rcpt-To: as
optional in Section 4, and in the Appendix, as an example of reports being sent
"in the wild," I think we want to make sure situation's like what Todd
presented are covered by Section 7.
There is no need to mention that Original-Rcpt-To: is optional in Section 4,
because it is the same requirement as RFC5965. If we were to change it, we
could specify in Section 4, for example, that it is NOT RECOMMENDED.
Best
Ale
--
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
