Re: [dmarc-ietf] Recipient domain in aggregate reports (#23)

Douglas Foster <> Sun, 02 May 2021 23:08 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 155183A1164 for <>; Sun, 2 May 2021 16:08:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id jEUgp3Im47lr for <>; Sun, 2 May 2021 16:08:38 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4864:20::32b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 97D5D3A11BD for <>; Sun, 2 May 2021 16:08:32 -0700 (PDT)
Received: by with SMTP id 103-20020a9d0d700000b02902a5baf33f37so3095099oti.9 for <>; Sun, 02 May 2021 16:08:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=ANulLFI73ej5lmKuNdsaimZVF16wY0XuLGs/HmDvoLw=; b=jXiUd6DTPOd+eU6pL6Hgg5UeqT/fiV/QX9tmGJdAVFVq/TY/buGN8nZYczDhyqxzpc DqMX5R4Lq1IQp/Z0Uys0jSwGAuBE1HRJJrF9DM5zulq7/tGVwQaS1ktPlb9+EJtGyu2T 0I8URb3vsGAoorwZ+YgvUL+1jpUtYRMF7UbRZ7ONWz32Cl2mx8nJ07MuBnOCJf2uWNAk vnIAC4qTqexQS8o1T3Xujhs8FjbP7fGSKveMMX3rEaFT5bml3tvAVcStOOBXPmPiJv2S R8ZYRFF7vMv64TIkKUZsytUsRvwiPA9I2bfJh8J8GHr9ETcRkKpP707eancZ3R0PXGeo FLJw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=ANulLFI73ej5lmKuNdsaimZVF16wY0XuLGs/HmDvoLw=; b=ZSntIxpIevvs5B6ZGlDo2ysVmjM48DW6AXOWjaEbAC4Nv0OUmAOgOB8oPntNIK5RzA 9G+KvSv0faWBkfkJAll/fPXjfv0oJiMfHPj6h5P7i2BtHbOJgXQfMntY6cgQ6+lfmwev BgQu+Y6ZubJ9McwsOrNtpjHpaJnRvR6uzLlFjj0OyjUyZMkz9VgsHCkk0+4RH6YtoNVP oNOLPbNXFyF2c6GS4p+8XA6osUCIDU/cPRtk2xiAfKSvWVr5QlroklXhYNqbWj3L4pD5 jSRyf372xgNAQ25nyf41szwtb6V0kNnV5W0T0MzhQJXafjRk/2Mu4bnzKS95lYoR7+kw GaZA==
X-Gm-Message-State: AOAM532Vq2fjxDFKaL8zlQpfvi4rqoGosiNw6/SF1w5D0ZSbMWHHSMcm hOiOqtaT4whpcIzah43uH5tIW8i7MO5DNLaRqiOU+ZvmNKk=
X-Google-Smtp-Source: ABdhPJwfxFWSc6kvD4VP0b3mIrLWNMh2uLDifXQPTdZNaK+sLMI3uxKQaQ435i3MRD+LSmMv2febLhxl+T6cuF6/sTc=
X-Received: by 2002:a05:6830:16ca:: with SMTP id l10mr11535960otr.240.1619996910480; Sun, 02 May 2021 16:08:30 -0700 (PDT)
MIME-Version: 1.0
References: <> <20210502203007.2AE156284F0@ary.qy>
In-Reply-To: <20210502203007.2AE156284F0@ary.qy>
From: Douglas Foster <>
Date: Sun, 2 May 2021 19:08:20 -0400
Message-ID: <>
Content-Type: multipart/alternative; boundary="00000000000062f03c05c160ec24"
Archived-At: <>
Subject: Re: [dmarc-ietf] Recipient domain in aggregate reports (#23)
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sun, 02 May 2021 23:08:49 -0000

John, your logic is circular. The only way that Matthäus can know if he
objects to what you are doing with his message is to monitor what you are
doing with his message.

It is also irrelevant.  Data privacy is pretty thoroughly lost,
notwithstanding GDMR's efforts to fight the system.   It seems silly to
suggest that you have privacy protection if the RUA report omits the
domain, and privacy loss if it is included.   All the omission does is to
make the problem a little harder, which means the tech giants have an
advantage over the little guy.  As you have already said, and apparently
implemented, one way of gathering this information is to use a different
DKIM selector for every recipient, ensuring feedback that includes both
domain and local-part.

More than anything, your tone bothered me.   This is discussion, not a
battle.  I don't feel a personal stake in the outcome of this discussion,
and I am sympathetic to concerns that reports will get too big.   But
his question is a legitimate topic for discussion..

Doug Foster

On Sun, May 2, 2021, 4:30 PM John Levine <> wrote:

> It appears that Matthäus Wander <> said:
> >envelope_to allows you to automatically correlate these reports and
> >reconstruct the forwarding path. This helps to identify the culprit who
> >is breaking DKIM signatures, especially with longer forwarding chains.
> >Without envelope_to, reconstructing the mail flow requires guessing and
> >manual work.
> It is none of your business to whom I forward my mail. If you think
> you know what I am doing and have some objection to the way I am
> handling mail you send to my users, you can feel free to stop sending
> me mail or stop complaining.
> This is a complete non-starter.
> R's,
> John
> _______________________________________________
> dmarc mailing list