[dmarc-ietf] Failure Reports, section 2, reporting frequency
Douglas Foster <dougfoster.emailstandards@gmail.com> Thu, 03 July 2025 11:48 UTC
Return-Path: <dougfoster.emailstandards@gmail.com>
X-Original-To: dmarc@mail2.ietf.org
Delivered-To: dmarc@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id 22DC43D5FE79 for <dmarc@mail2.ietf.org>; Thu, 3 Jul 2025 04:48:29 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 15flJ2eBcNzi for <dmarc@mail2.ietf.org>; Thu, 3 Jul 2025 04:48:28 -0700 (PDT)
Received: from mail-pj1-x1034.google.com (mail-pj1-x1034.google.com [IPv6:2607:f8b0:4864:20::1034]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id C4FE33D5FD74 for <dmarc@ietf.org>; Thu, 3 Jul 2025 04:48:22 -0700 (PDT)
Received: by mail-pj1-x1034.google.com with SMTP id 98e67ed59e1d1-312e747d2d8so733003a91.0 for <dmarc@ietf.org>; Thu, 03 Jul 2025 04:48:22 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1751543301; x=1752148101; darn=ietf.org; h=to:subject:message-id:date:from:mime-version:from:to:cc:subject :date:message-id:reply-to; bh=MzulN4VJgkf1XeUTBkE2lkgSM0P8mDjHRtXXhFYCTUs=; b=ei5zIcJOyX2pXK9SyZ/T4B0+voYFSCp+9gvclzl7uo+VmAY6cBXSt7eDN1IsqOGBGR Fr/Lu7DV+VIv/13RBsyQFGC8qvPJgY3Mi3x5JjISOA63yNK9WgoTZA/7udNYG0IEwBsN CtS1fhSnOii83zBAvdBcDR7H+nluidhthbU2qVhTUgJuwFPqEnt/ohFsJPkAmsmRJmhF WhEbbkF9nBJN5+SyDmecSmrPtWKDwd4BXxlE775BY2O2yoM1hqtKOERe4gIySr7aJfqn S+9ZO3y4CdfhGiQGXigcJCoQVrCCTELjTZIbOS2gVlq0S8HZI2rOdEYiEASBPXonTRpY 2QKw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1751543301; x=1752148101; h=to:subject:message-id:date:from:mime-version:x-gm-message-state :from:to:cc:subject:date:message-id:reply-to; bh=MzulN4VJgkf1XeUTBkE2lkgSM0P8mDjHRtXXhFYCTUs=; b=gkk/PpeNpzZJnzB8iEQd8g8S2tE24VH7kjRPoamoYmZP/2LIbGldnc1IraM8Rb6cuD K/v3AP+gBj5QkLXBfRdfW8g/rgvow9rFp6Enn30h6zWu72hMdaeJIfE4OBPKVwjjd647 W7NOX2OfekzFNtKmF0j1+j+/1aZVJLwsKwH4EUqVmZ3M6a2t2yh5nJcx4XXPeGn6X1Gz rKHpqlG01gBxyYfa/nUOI8rpXY6PSxIrYr+uQg00NoO1K+8BNnFxO+LOJBkeYXRANi2r Ktlb4K3FpoiABhhxHGg9iL3gEFofofV14BH2vzT9zH9ZbVZm78tB14cUruZ71OQzFBLn p8Zw==
X-Gm-Message-State: AOJu0YzKpxEXsQSXZ6qoh53JxOIig3HXqqQ7WDojqG2jkCWv03J7ApoU tJTo3gbYPZUtXBGuGqCf0JaZpEXkUfLgJPgUxlTWBmdehQI/tD9ZSQXY7iYXIeF/I0/BDUu9cHB 6X6JFjOWSzEbeM4xBKDXuQjIGynew/mXv2l3g
X-Gm-Gg: ASbGncsfvUrxojVuBwQ83S1KHq4glbSd+LzDYjCei4jn2hwzuuyeySN1g2f04u+DKJF iB+csoYqEQLu6ZOIHyj0QKhny+epN3mkB8ZM/xPgN9aXUhHXhsgdnxXX67CIk1tMC9oNsXy7bAw 5T9fK93wRflIH2zPoKq1/GLMTSQV9+gVihdA0ouI5HVzlPrpCjfGDWVteBlPDDC9Lbz61NXk03N ME=
X-Google-Smtp-Source: AGHT+IEdcpJb4U5vaqHsNTSHEdKg/EahlbQjWHKJZ+znzSSXk3EcKRGSRfLe6ac5V7ZY7yJOYIzmQRu0swwn0MHkS2c=
X-Received: by 2002:a17:90b:498e:b0:30a:3e8e:ea30 with SMTP id 98e67ed59e1d1-31a9f59df4fmr2636097a91.11.1751543301447; Thu, 03 Jul 2025 04:48:21 -0700 (PDT)
MIME-Version: 1.0
From: Douglas Foster <dougfoster.emailstandards@gmail.com>
Date: Thu, 03 Jul 2025 07:48:12 -0400
X-Gm-Features: Ac12FXzmXNzzBGCt-Sx7dwctjlSVHl8nuJKRhxzXLKh-feg3FHb8mdtw_JNnr7I
Message-ID: <CAH48ZfzbqWsL4tyKe_s_VxqkrJHmVF4UK2qC39zp0v4pavENSQ@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000004aa3c1063904f434"
Message-ID-Hash: Y4JQYC2XOXUV7MF3I2NMX4G62MQWEZRA
X-Message-ID-Hash: Y4JQYC2XOXUV7MF3I2NMX4G62MQWEZRA
X-MailFrom: dougfoster.emailstandards@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-dmarc.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [dmarc-ietf] Failure Reports, section 2, reporting frequency
List-Id: "Domain-based Message Authentication, Reporting, and Compliance (DMARC)" <dmarc.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/VmaOUYkd8q4w8xC6Jdrqpx89V0E>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Owner: <mailto:dmarc-owner@ietf.org>
List-Post: <mailto:dmarc@ietf.org>
List-Subscribe: <mailto:dmarc-join@ietf.org>
List-Unsubscribe: <mailto:dmarc-leave@ietf.org>
I believe the reporting strategy needs to be defined in more detail than provided in section 2, because we need to ensure that report volumes are manageable for both sender and receiver, and to ensure that receivers can make sense of multiple reports from multiple sources. Leaving this issue to the imagination of each implementer will cause interoperability problems. . I propose the following: Reporting Frequency "The aim of failure reporting is not to count each and every failure, but rather to report different failure conditions." These design considerations apply to this goal: A failure condition is defined as a unique combination of RFC5322.From Domain, RFC5321.MailFrom domain, and source IP address. This corresponds to the three parameters of the SPF alignment test. It also provides enough granularity so that separate problems are likely to be reported separately. This approach also helps a report receiver classify whether reports from different receivers represent different conditions or multiple information sources about a single condition. Failure reports need to be repeated periodically, to ensure that the receiver has sufficient information to solve the problem, to ensure that failure conditions are not overlooked, and to provide clarity about whether a condition is resolved or not. However, excessive reporting will hinder efforts to solve known problems, and may cause report senders or report recipients to cease participation in failure reporting. Some failure conditions will represent crises that require a prompt response, some failure conditions will involve complexity that takes time to resolve, and some failure conditions will be unsolvable. The reporting frequency needs to correspond to these situations. Given these considerations, the following guidelines are provided: New failure conditions should be reported promptly. The initial report will generally represent a single message, but may represent multiple messages if a cluster of messages are received together. After the initial report is sent, no more reports are sent until the end of a time interval. The time interval is gradually increased so that the volume of reports on a single condition declines. The following reporting intervals are recommended: After the initial report, send additional reports at hourly intervals if additional failures occur. After the first day, send additional reports at daily intervals if additional failures occur. After two weeks, send additional reports at weekly intervals until the problem is resolved or the administrator concludes that further reporting is not useful. Doug Foster
- [dmarc-ietf] Failure Reports, section 2, reportin… Douglas Foster
- [dmarc-ietf] Re: Failure Reports, section 2, repo… Dotzero
- [dmarc-ietf] Re: Failure Reports, section 2, repo… Alessandro Vesely
- [dmarc-ietf] Re: Failure Reports, section 2, repo… Douglas Foster