Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality

Alessandro Vesely <> Wed, 02 December 2020 10:21 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 8FD873A105C for <>; Wed, 2 Dec 2020 02:21:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.121
X-Spam-Status: No, score=-2.121 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (1152-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id SlENF3XM1iwI for <>; Wed, 2 Dec 2020 02:21:02 -0800 (PST)
Received: from ( []) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 4EB6C3A0EF0 for <>; Wed, 2 Dec 2020 02:21:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=delta; t=1606904457; bh=4KtS+XuOVNz0UbNvfnqNJgV6YOlYPgbuQpnRj+7jrrw=; l=1127; h=To:References:From:Date:In-Reply-To; b=DguB/Ke8Oo10zYcBuIEwXznuf+jZKgzRQimd7eTigP3RYMQemZKXDopo+1Jn0y8VZ +ptWe9dpuevYFEx/PKe+GpZNVCSLvQvrfLUnqa0tmiumIpqBNJOr+YsJ0DpXmhSZYR Ir6zAADrSOhNCtfGFB+OuR9LFnRmOEamzmpAYClTEq9oT3xXTco9XEjwwXItm
Authentication-Results:; auth=pass (details omitted)
Original-From: Alessandro Vesely <>
Received: from [] (pcale.tana []) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by with ESMTPSA id 00000000005DC07C.000000005FC76A89.00000C5D; Wed, 02 Dec 2020 11:20:57 +0100
References: <>
From: Alessandro Vesely <>
Message-ID: <>
Date: Wed, 2 Dec 2020 11:20:57 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.0
MIME-Version: 1.0
In-Reply-To: <>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <>
Subject: Re: [dmarc-ietf] Ticket #42 - Expand DMARC reporting URI functionality
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 02 Dec 2020 10:21:06 -0000

On Tue 01/Dec/2020 23:21:48 +0100 John R Levine wrote:
> We would like to close this ticket by Dec 15, two weeks from now, so short 
> trenchant comments are welcome.
> [...]
> We can adapt the approach MTA-STS uses in RFC 8460.
> If rua= has an https URI, the reporter uses HTTP POST to that URI with
> the report as an uncompressed or gzipped XML file as the POST body.

TL;DR: neutral

Delivery via https, with possible retry queue, imposes an additional burden to 
report producers.  Since there seem to be less producers than consumers, it may 
be fair to grant the choice of transport to the former.  That is, to make the 
mailto scheme mandatory and https optional.

Even if the the spec allows consumers to specify the transport they like 
better, there will probably be producers which only honor one type.  So, 
consumers may want to specify both schemes anyway.

A better means to control report size is to gauge the reporting interval.

The addition of the new transport doesn't seem to simplify things.  I fail to 
see the advantage, but I can cope with it if it comes.