Re: [dmarc-ietf] spec nit - subdomains reporting clarity

Дилян Палаузов <> Tue, 02 July 2019 10:26 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id C754A120044 for <>; Tue, 2 Jul 2019 03:26:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (4096-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id Z344sVSrOGz7 for <>; Tue, 2 Jul 2019 03:26:05 -0700 (PDT)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 657C912006B for <>; Tue, 2 Jul 2019 03:26:05 -0700 (PDT)
Authentication-Results:; auth=pass (LOGIN) smtp.auth=didopalauzov
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple;; s=k4096; t=1562063156;; r=y; bh=T3dApzY0vcQYClUjLoB4rooZOYCdWkSu6r4Rn6j9l7Q=; h=Subject:From:To:Cc:Date:In-Reply-To:References; b=VKFSqTV7DXTFJhUuWjOXbmprIMuTpQUIToNcrhXF+amPe41wQYodYqjjmm7u1q/mE EPL1x91ekrx/QdD+Z+D+OcO1UZfWIdf7a5p7xBrQc1Fhg4q4DCa9sF6KWsH/ni3a4b 4vWept9gDZq7pptxJq4LEkSBzlrNfO5ElCdOEtWjoJV2sCehGtcxxICl3+XYEp9HQ4 HKqQ3+B+80GJQ6NDyhhmFHYNV+rVcUyJHlLhn8xjTd+HkPZhNJ8lFl/GFxwLZuU6+W I/MPAcngNJfVm7CBCuJoPLnkmD/5AQjqZRf0KdJo4zQDOgI4XlxVgUeoutHBsUsAaz X+pu0PgAwmoBbNVtyDeZET4IbcCVB9UnH+7QANaPMpHMRoGSMBhiLT4ulImD8KgvQC U4KDwyu3Zz3mG1mo0hEH9zaS+ghIW4Bql0tqfLA5+Ap1J7eQ88vebBOfO0XAmiZlSR ukCQWNAXJh85STWTJ8yeFEBdOtNRkYmnC62+/upo6yObM2dBirRf5o/3JkjaU/NDBD +4QyWzI569HlsBEEQWbhJAtrmGbQWyy5hh1rSqnc7VWBg67fZaYiyNghFnzWrPHZgW x1xkOko/raFaiFaq3NrHOO5NTNHlkBInXyJ+/jK/6O2wRczrki+nbGaarGPba7zGkm nto/gcXswFggWoToRr8c+hr8=
Authentication-Results:; dkim=none
Received: from Tylan ( []) (authenticated bits=0) by (8.15.2/8.15.2) with ESMTPSA id x62APqR8001098 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NO); Tue, 2 Jul 2019 10:25:52 GMT
Message-ID: <>
From: =?UTF-8?Q?=D0=94=D0=B8=D0=BB=D1=8F=D0=BD_?= =?UTF-8?Q?=D0=9F=D0=B0=D0=BB=D0=B0=D1=83=D0=B7=D0=BE=D0=B2?= <>
To: Tomki <>,
Date: Tue, 02 Jul 2019 10:25:51 +0000
In-Reply-To: <>
References: <>
Content-Type: text/plain; charset="UTF-8"
User-Agent: Evolution 3.33.4
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Virus-Scanned: clamav-milter 0.101.2 at
X-Virus-Status: Clean
Archived-At: <>
Subject: Re: [dmarc-ietf] spec nit - subdomains reporting clarity
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 02 Jul 2019 10:26:07 -0000

Hello Tomki,

The schema for reports is:

first element is <feedback/>, it includes <policy_published/> . <policy_published/> contains <domain/>.  

Do you propose to include in the <domain/> the base domain, that declared implicitly or explicitly the sp= tag, and then
cummulate all data for that domain and subdomains in the same xml.gz report, or do you propose to include several xml.gz
files for each domain in a single email?

Alternative approaches to reduce the amount of emails are:
- include one or more xml reports in a single email, e.g. based on derived policy via the sp= mechanism

- group reports for a single domain owner into one email with many xml files, provided that the recipient address of the
reports is the same.  Here sp= is irrelevant.  This is tricky, when the recitient addresses for two domains overlap, but
are not identical.

- group xml.gz reports for many domain owners (or many distinct second level domains) into a single email, provided that
the recipients of the different reports would be the same.


On Fri, 2019-06-21 at 18:04 -0700, Tomki wrote:
> The spec appears to be unclear on how subdomains are to be reported - ie 
> most but not all implementations have performed this as intended, in the 
> same XML as the top level domain (when the subdomain does not have its 
> own DMARC TXT record)
> Cisco interpreted the current definition to mean that every subdomain 
> seen should get its own XML file. (not just the ones with their own 
> DMARC record)  This results in every individual IronPort system [which 
> has DMARC reporting enabled] generating hundreds to thousands of extra 
> reports every day.
> This can result in corporate reporters like Paypal or Rolls Royce 
> (IronPort users) sending as many reports in a given day as Google.
> The section which should be referred to in implementing a reporting 
> engine is 7.2
> The only relevant bullet that I find here is
> " The report SHOULD include the following data:"
> ....
>    "Data for each Domain Owner's subdomain separately from mail from
>        the sender's Organizational Domain, even if there is no explicit
>        subdomain policy"
> In trying to find out why Cisco implemented their reporting in the way 
> that they did, I've actually had a hard time understanding how others 
> understood that bullet point well enough - I can only imagine that 
> everybody just implemented by following examples of existing 
> implementations.
> A suggested rewording for that bullet point:
> " Data for each Domain Owner's subdomains as separate records in a 
> report titled for the Organizational Domain, unless there is an explicit 
> subdomain policy - in which case a standalone report is generated for 
> that subdomain"
> --Tomki
> _______________________________________________
> dmarc mailing list