Recently, I have been doing a deep-dive into my DMARC feedback. Not much can be learned.
I tried to determine which of my outbound messages are represented by the incoming reports. The match is not easy. From my configuration and the outbound SMTP log, I know Source IP RFC5321.MailFrom Domain RFC5322.From Domain RFC5321.To domain MX host domain name SMTP Result Code and Extended Status code >From the incoming report, I have Source IP RFC5321.MailFrom Domain RFC5322.From Domain Organization name, which is sometimes a domain name and sometimes free text. Email contact domain name Domain name from the attachment's file prefix. Disposition counts For the initial exercise, disposition was not a consideration because no messages were rejected To match the two data sets, I needed to guess a connection between the MX hostname and the report organization data. Intelligent guesswork gets me pretty far, but it still leaves a lot of holes. A helpful exception is Yahoo, which supplies the RFC5321.To domain as the prefix of the report filename. Their timestamps also appear precise, because I have been able to match their reports without any count or time discrepancies. At the opposite pole is iphmx.com, which fragments their report data across multiple subdomains, which I may or may not have correctly matched to MX records. Worse yet, they have reports for seemingly identical sources with overlapping time intervals. Several multi-tenant server organizations, including iphmx.com, only report DMARC for the subset of client domains which evaluate and enforce DMARC results. Since the sender has no knowledge of which domains are or are not evaluating DMARC, there is no way to know which outbound messages are included in the report and which are not. All of this means that if some messages are being blocked by an evaluator's local policy, I have a low expectation of knowing which recipient users are affected, which means that I cannot contact those users to ask them for assistance, even if I have an alternate way to reach them. Do we have any ideas for making this match process simpler, or do we take the position that this type of matching process is not supported and should not be attempted? Just asking, Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
