Re: [dmarc-ietf] Recipient domain in aggregate reports (#23)

Matthäus Wander <> Mon, 03 May 2021 17:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 59E8F3A1D25 for <>; Mon, 3 May 2021 10:21:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id sr7U_9eGyC_t for <>; Mon, 3 May 2021 10:21:43 -0700 (PDT)
Received: from ( [IPv6:2a01:4f8:13b:2048::113]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id D97003A1BA7 for <>; Mon, 3 May 2021 10:21:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;; s=cathay; h=Subject:Content-Transfer-Encoding:Content-Type: In-Reply-To:MIME-Version:Date:Message-ID:From:References:To:Sender:Reply-To: Cc:Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=IEMOVsvLGyo7IfLjyjp/aN0fOrX5FikCkk9veTqEBn0=; b=IGEOr67oShAfK8PNpskxpkxlEu oqR0iLEGx682Xm0MmmHtdJ5eaCTHU1ksJoiWpmsZG7fkNnSdpVJ9K8bWHeULlPjhaJsobM97mCksV WFl4/yhtrBI2ZCRgBmHEdoeZXxmAN9/pyNtGJQWTayfR771tE15vz2r7XvDoQIar4EeImKyMt3/Q7 XJDABQR/yOHpUrOaksvxf8Lexpv5QpRsnxIpUBYolD4Ro3q1xRqoX233P8LYIKTW2CKpi6QS13U7L 3XCw61laAibEXfiuuWewKUMiKwULYgxj52dZWjMHuKLeP0ix1hk88mjGIoV/cjwxHNPk8qYTdWOD5 LhrMsiQQ==;
Received: from ([2a01:c23:6c15:7b00:59db:66cc:4462:2f3e]) by with esmtpsa (TLS1.3:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.92) (envelope-from <>) id 1ldcGI-0005pH-QC for; Mon, 03 May 2021 19:21:39 +0200
References: <20210502203007.2AE156284F0@ary.qy>
From: =?UTF-8?Q?Matth=c3=a4us_Wander?= <>
Message-ID: <>
Date: Mon, 3 May 2021 19:21:37 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.0
MIME-Version: 1.0
In-Reply-To: <20210502203007.2AE156284F0@ary.qy>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
X-SA-Exim-Connect-IP: 2a01:c23:6c15:7b00:59db:66cc:4462:2f3e
X-SA-Exim-Version: 4.2.1 (built Wed, 08 May 2019 21:11:16 +0000)
X-SA-Exim-Scanned: Yes (on
Archived-At: <>
Subject: Re: [dmarc-ietf] Recipient domain in aggregate reports (#23)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 03 May 2021 17:21:48 -0000

John Levine wrote on 2021-05-02 22:30:
> It appears that Matthäus Wander <> said:
>> envelope_to allows you to automatically correlate these reports and
>> reconstruct the forwarding path. This helps to identify the culprit who
>> is breaking DKIM signatures, especially with longer forwarding chains.
>> Without envelope_to, reconstructing the mail flow requires guessing and
>> manual work.
> It is none of your business to whom I forward my mail.

I'm not quite sure what the problem is, but the solution may be to not
send DMARC reports and to not forward to systems that send DMARC reports.

It's worth noting that even without envelope_from and envelope_to
domains, RUA reports reveal forwarders.