On Sun, Dec 11, 2022 at 12:21 PM Douglas Foster < [email protected]> wrote:
> 2) What to include in reports > I have one reporting source that always reports a message count of 1, > without regard to the number of messages that I sent and he received. > Perhaps I'm misunderstanding, but isn't that a bug? > This helped me realize that there is no need to report quantity. A > correctly configured server will apply a correct signature on every > message. Whether the problem is uniform or random, all that the domain > owner needs to know is that a particular server is not signing correctly. > > Doesn't this presuppose that not only will the server always apply signatures correctly, but the path such messages take to that recipient never varies, nor does the handling practices of all agents in between? For instance, this message will be delivered to you twice, once via direct connection and once via the DMARC list. They may have very different results. You only want one of them? Which one do you care about and why? > And as I have said before, collecting every signature adds unnecessary > complication to the reporting process, while adding no value to the domain > owner. All that needs to be reported is one aligned signature, because > the domain owner's server only needs to apply one aligned signature. > > These changes would reduce the overhead reporting, especially for smaller > organizations where the effort is not noise level. They would also reduce > the risk of unwanted data leakage. > > But I am willing to be convinced. Can someone explain how success > reports, message counts, or unaligned signatures serve a domain owner > purpose which is relevant to DMARC? > If I am a domain owner and I know I sent N messages to M distinct domains, I expect (assuming universal participation) to get M reports back that, added up, account for N messages, irrespective of whether they passed. Anything else is lossy, and I believe I'm not getting a clear picture of my overall mail flow. If our reporting is going to reflect only a subset of this, we need to explain what that subset is and why that's better than providing something complete. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
