> - is rr=all a good default?

In this case I think it is. Publishing the record says you want reports, and it seems reasonable that you'd want all the reports until you can narrow down the problem. And if you accept any reports at all, you better be prepared for a lot of reports, since it's pretty easy for bad guys to send spam that fails in whatever way you do accept.

> If a bad-actor sends a supposedly signed mail with a DKIM-Signature with 1000
> fields
> then what happens if the Signer's DNS has no rr tag?

If you've published a _report._domainkey record, you get a lot of reports. If you haven't, you get no reports. Seems reasonable to me, it's opt-in. If you publish a record inviting reports you don't want, well, Don't Do That.

> - add a report request for unknown signature tags

That's not an error, but it could be an interesting way to see who's delivering your mail, which is probably not what you intended.

R's,
John

_______________________________________________
marf mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/marf
