We would like to close this ticket by Dec 15, two weeks from now, so short
trenchant comments are welcome.
Ticket #1 is about https reporting. Early drafts of the DMARC spec had a
poorly defined http report which we took out. I propose we add back https
reporting similar to that for mta-sts, with a POST of the gzipped report
to the HTTPS URI.
R's,
John
================================================================
Right now, reporting only functions via mailto: but other
functionality had been previously discussed. Does the group wish to
extend reporting mechanisms?
See: https://mailarchive.ietf.org/arch/msg/dmarc/iKpLKGdneTs85ioOiG_RwR5Vssc/
Changed by johnl@…
We can adapt the approach MTA-STS uses in RFC 8460.
If rua= has an https URI, the reporter uses HTTP POST to that URI with
the report as an uncompressed or gzipped XML file as the POST body.
The media type is the same as is used in mail reports, application/xml
or application/gzip. Reports SHOULD be gzipped. If we keep the !size
hack, they MUST be no larger than the size limit.
I suppose failure reports could be posted the same way with the same
message type as if mailed, but they're not usually very big and I
don't think there are many generated.
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
