Re: [dmarc-ietf] Two new fields in aggregate reports

Seth Blank <> Fri, 25 October 2019 17:53 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id E9DA11209DB for <>; Fri, 25 Oct 2019 10:53:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Ga8xBD4VHkKG for <>; Fri, 25 Oct 2019 10:53:10 -0700 (PDT)
Received: from ( [IPv6:2a00:1450:4864:20::42f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 114C812094E for <>; Fri, 25 Oct 2019 10:53:10 -0700 (PDT)
Received: by with SMTP id v9so3322522wrq.5 for <>; Fri, 25 Oct 2019 10:53:09 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=7Fk1s6Oj3otUcw+qZXsuTey8IvaoZ0YVX129uWUgPDM=; b=JIkcfBcB8CmN7uD4s2eOiCdz68u0NRsuAjamzMiG5rhBzsnGqyjvDBFiIKT1T4D+Yt h1OeDvPAQ+ZuF6/O4SOCHP/k6rQQfNLqRtOaRHjMuP1C3aKOvUji0ZIth6RPxdR3z8SD uLoVUv77hwbIyFl3QUcEvtxbe/h7qtzBMYW1TxMJMTBHfE3guhigFjX0Cpoj060V7hL/ ey9EOv0lcZ70mmPWYHZq//6dUgtoVAJ1qp6Gu3aP90/GYyS5AOkWOmIrlyY1khChj927 svh3luOKg8yvjWsByMTC6PvTc7/IKE8nKn845P1we4EyWN5fzkLjzPUnQauDVbpLVvma movg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=7Fk1s6Oj3otUcw+qZXsuTey8IvaoZ0YVX129uWUgPDM=; b=bq7UOcJDDIrcaPrs2swW2jjMy/QE3IQPk0BiccwSOk4EfS0rj8fKBnIvHeLEeK8TFZ Se6xfcd1S3kefr3B7vLsbnCPY7ALuAWJxxrbh4WHsgjt+nvO2bwPmYw+5zcqw/aRJ4hL EsMampf38AnfPrf4TTf+DB15YBMTb+4doBCJ7eiiSngACIqrTEWF3ZQ4LNy81nVGgxWJ Csbg0Ux04JtInHTmUWTlLebxSMnb9QdMfJnSuYys/xmF2PsWborcqDsoSGLyUlt8VgdR WJYs0ZpnL27G7cJXIaujcQLoVgCXGcH/3cxIJx8rVR5LGZpukeYktBENnbS2tbmIG1Sn nN1A==
X-Gm-Message-State: APjAAAUpxlMIKSUF4GqidT9HbvGd0wMbKvVq1gQMGMYd1FP9bWW9H710 8Y/k6/wJb25/NbLQh2PR6f34kPjFnOW+sBAuUDZ/kag9wIk=
X-Google-Smtp-Source: APXvYqwILKmlOfuK21oVudR6PWnaAB2OfpQpJoEWo6Bf5oCMD6dDYZ01UcAEDkSePt+4uw9WQ80PfB/fG5OrW41CVxs=
X-Received: by 2002:a5d:4f91:: with SMTP id d17mr4263107wru.184.1572025988046; Fri, 25 Oct 2019 10:53:08 -0700 (PDT)
MIME-Version: 1.0
References: <> <20191025174918.E8CAFD66F4D@ary.qy>
In-Reply-To: <20191025174918.E8CAFD66F4D@ary.qy>
From: Seth Blank <>
Date: Fri, 25 Oct 2019 10:52:57 -0700
Message-ID: <>
Content-Type: multipart/alternative; boundary="000000000000986e820595bfd280"
Archived-At: <>
Subject: Re: [dmarc-ietf] Two new fields in aggregate reports
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Fri, 25 Oct 2019 17:53:18 -0000

On Fri, Oct 25, 2019 at 10:49 AM John Levine <> wrote:

> As far as I know, the point of DMARC reports is to help domain owners
> understand who is sending mail that purports to be from them.  In a
> large organization it can be remarkably hard to track down every mail
> server in every department or every subcontractor that might be sending
> real mail with the domain in the From: header.
> The domain owners use the reports to do things like update SPF records
> to include all of the sending hosts, update server configs to add DKIM
> signatures, or to fix servers that are adding invalid signatures, and
> often to shut rogue servers down that shouldn't have been sending mail
> in the first place.
> I can't see how spam scores would be of any use for any of these tasks.


The point of DMARC reports is to understand what is not authenticating in
an aligned fashion, so that you can get those mailstreams authenticating
properly and verify things are now correct. Spam, nor insight into receiver
mechanisms to combat spam (which change daily, per Brandon), is out of
scope of DMARC reporting.



*Seth Blank* | Director, Industry Initiatives
*p:* 415.273.8818

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.