Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)

Douglas Foster <> Mon, 25 January 2021 03:27 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 3972A3A0D81 for <>; Sun, 24 Jan 2021 19:27:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -0.197
X-Spam-Status: No, score=-0.197 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id WFvhmzaU8cFl for <>; Sun, 24 Jan 2021 19:27:14 -0800 (PST)
Received: from ( [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 83CA73A0D7A for <>; Sun, 24 Jan 2021 19:27:14 -0800 (PST)
Received: by with SMTP id n18so6436472vsa.12 for <>; Sun, 24 Jan 2021 19:27:14 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=+Etsfql0YmKJqy6LzrQSZ6QI2UNcTJwfGLALVTTU7pU=; b=OVpLfJ2fCEXsowcQltulXqMP+k58VzriDpLHQAtF7+NMtwIPmyb+MdeT85rACdJtSm mNpyvz+0tzU/k/G/wncM4ZsP6NjwkOduDY950/lFvn/+5KQ3lfi9q+Psv9vQBjO1zxGh AkHZfSStGNI+EzSgC3rSJ3wliAWybfAXsZh2QWIYXNOEQTfN/f9D1HXarm91ApUOyNIl 9bRuQrVEK04QTdoUDQbTaywAezmGyATUxoqxf6y+yi3gWky2ThiCK6S8+wC+9dXxzDQa JdA8VPoEcOkJvSWk90DkBxYgF/4j+6L6EfBootgyj3Kh65Pa0feoHMG8sO0KhlqC6nR7 FUgw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=+Etsfql0YmKJqy6LzrQSZ6QI2UNcTJwfGLALVTTU7pU=; b=iu2zKItkZ7NfDRFUFSl4Z8utplDlXa2bBtEYG2cuOpZQAdQhpYaUeje2AfRTEcop7c JjY8AsPHlzqsZhYZUmK1jstQbd6g+u93tqJB4a2AjGXFCWpaM8VXla+lj+tuIZmPEPhB 4gdyOnpExXGXG/QObdJkmknKDdI1dbRpR2k0C7zkcjKQxCii8gIjSY6NjqRh/x7yqq8/ c/32CRhB4dK5ioYxMG1DR3Sb90xuPI2ELhOGLn4QJ3ifbJERViQhVtYoimlPe5gMpFLw VGMhF+mxgOwX6UrIRGzf/x2VDyjcpwabnz21Jlj2KUHKhVSVad0Vi/Vq9HaoptBj/8wq nDiw==
X-Gm-Message-State: AOAM533WZeNOINrPy9QJN5RyRy6okXU1neNE7rKIL0BdtPt4Mn31vC4w FJkI9Wl2q5W0/AlMShG+LCqgLere37budX2bX86rzRe/ZJA=
X-Google-Smtp-Source: ABdhPJxfjQWPRrMRZoc3FMRfhqFV/FUh9k/Fkr+b1KFodG3tM9SwIf25ruMYTNtAuH7/MlY926k5KXxlF67Y8sWxQ7E=
X-Received: by 2002:a67:24c5:: with SMTP id k188mr590400vsk.16.1611545233187; Sun, 24 Jan 2021 19:27:13 -0800 (PST)
MIME-Version: 1.0
References: <>
In-Reply-To: <>
From: Douglas Foster <>
Date: Sun, 24 Jan 2021 22:27:03 -0500
Message-ID: <>
Content-Type: multipart/alternative; boundary="00000000000029e7f005b9b11db6"
Archived-At: <>
Subject: Re: [dmarc-ietf] Which DKIM(s) should be reported? (Ticket #38)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Mon, 25 Jan 2021 03:27:16 -0000

Currently, my filter only evaluates signatures that are relevant to From
alignment, and stops after the first success.   For that decision process,
all that I need returned (and stored) is a Pass/Fail result; I don't need
the details of the algorithm evaluated.  Any additional information
collection is for the benefit of someone else, not the needs of my own

The burden of data collection is proportionate  to the amount of data
collected.  DMARC reporting is a courtesy service from the data collector
to the domain owner.  Each effort to increase the precision of the data may
reduce the number of domains willing to provide that information.

I suggest that we need report consumers in this group to discuss how they
use the current data and the proposed additions to that data, so that a
cost/benefit assessment can be made.   At least some of that justification
should be included in the final document, since one purpose of that
document will be to convince non-reporting entities to begin sending

Doug Foster

On Sun, Jan 24, 2021 at 7:25 PM Brotman, Alex <Alex_Brotman=> wrote:

> Hello folks,
> Some time ago, an issue[1] was brought to the list where which DKIM(s)
> being reported is not clear in RFC7489 [2].  There was a short discussion,
> though no clear resolution before conversation trailed off.  It seems like
> there were points that may need to be discussed.  One was whether the
> reporting SHOULD report all signatures, regardless of alignment or
> validity, or perhaps just the one that aligns (if there is one).  There was
> also another question if there should be a limit to the number of
> signatures reported so that it remains sane.
> We'd like to try to get this resolved within about two weeks.  Thank you
> for your feedback.
> 1:
> 2:
> --
> Alex Brotman
> Sr. Engineer, Anti-Abuse & Messaging Policy
> Comcast
> _______________________________________________
> dmarc mailing list