Opened 2 years ago
Closed 16 months ago
#67 closed enhancement (wontfix)
Better feedback loop to sending service upon DMARC failure
Reported by: | seth@… | Owned by: | todd.herr@… |
---|---|---|---|
Priority: | major | Milestone: | Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide |
Component: | dmarc-bis | Version: | |
Severity: | - | Keywords: | clarify |
Cc: |
Description
Small services rarely ever know when mail sent is being blocked by DMARC - it should be easier for them to understand.
The impact here is generally more obvious when a domain is at reject than when it is at quarantine, because in the latter case mail is accepted. Some services provide status codes in both cases, but in general small services don't notice no matter what. Is there something that can be done here?
Change History (5)
comment:1 Changed 2 years ago by seth@…
- Component changed from rfc7601bis to dmarc-bis
- Owner draft-ietf-dmarc-rfc7601bis@… deleted
- Status changed from new to assigned
comment:2 Changed 17 months ago by todd.herr@…
comment:3 Changed 16 months ago by todd.herr@…
- Owner set to todd.herr@…
- Status changed from assigned to accepted
comment:4 Changed 16 months ago by todd.herr@…
- Status changed from accepted to assigned
comment:5 Changed 16 months ago by todd.herr@…
- Resolution set to wontfix
- Status changed from assigned to closed
{#rejecting-messages} already contains the following text:
Similarly, the text portion of the SMTP reply may be important to consider. For example, when rejecting a message, revealing the reason for the rejection might give an attacker enough information to bypass those efforts on a later attempt, though it might also assist a legitimate client to determine the source of some local issue that caused the rejection.

In the latter case, when doing an SMTP rejection, providing a clear hint can be useful in resolving issues. A receiver might indicate in plain text the reason for the rejection by using the word "DMARC" somewhere in the reply text. Many systems are able to scan the SMTP reply text to determine the nature of the rejection. Thus, providing a machine-detectable reason for rejection allows the problems causing rejections to be properly addressed by automated systems. For example:

    550 5.7.1 Email rejected per DMARC policy for example.com

If a Mail Receiver elects to defer delivery due to inability to retrieve or apply DMARC policy, this is best done with a 4xy SMTP reply code.
Small services that want some clue as to their mail's delivery or deliverability and how it's affected by their DMARC policies can avail themselves of bounce logs and third party services just as large services do.
Section 6.7 argues against this ticket at present:
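Added example, not part of the ticket or of the DMARC specification: a sender-side scan of delivery-log SMTP replies for the machine-detectable word "DMARC" described in the {#rejecting-messages} text quoted above, separating 5xx rejections from 4xy deferrals. The `(host, reply)` record shape, the outcome labels and the sample replies are assumptions constructed for illustration.

```python
import re
from collections import Counter

# One SMTP reply line: 3-digit code, "-" (continuation) or " " (final line),
# an optional enhanced status code such as 5.7.1, then free text.
LINE_RE = re.compile(r"^([245]\d\d)[ -](?:[245]\.\d{1,3}\.\d{1,3}\s+)?(.*)$")
DMARC_RE = re.compile(r"\bDMARC\b", re.IGNORECASE)


def classify_reply(reply):
    """Classify one (possibly multi-line) SMTP reply from a delivery log."""
    codes, texts = set(), []
    for line in reply.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            return "unparsed"
        codes.add(m.group(1))
        texts.append(m.group(2))
    if len(codes) != 1:  # empty reply, or lines that disagree on the code
        return "unparsed"
    code = codes.pop()
    if code[0] == "2":
        # Accepted mail carries no DMARC signal: a message later quarantined
        # looks identical here, which is the gap the ticket describes.
        return "accepted"
    kind = "reject" if code[0] == "5" else "defer"
    cause = "dmarc" if DMARC_RE.search(" ".join(texts)) else "other"
    return f"{cause}-{kind}"


def summarize(records):
    """Count outcomes per receiving host from (host, reply) pairs."""
    return Counter((host, classify_reply(reply)) for host, reply in records)


# Constructed sample records (hypothetical hosts, not real receiver output).
SAMPLE = [
    ("mx.a.example", "550 5.7.1 Email rejected per DMARC policy for example.com"),
    ("mx.a.example", "550 5.7.1 Email rejected per DMARC policy for example.com"),
    ("mx.b.example", "550-5.7.1 Message not accepted\n550 5.7.1 due to DMARC policy"),
    ("mx.c.example", "451 4.7.1 Unable to retrieve DMARC policy, try again later"),
    ("mx.d.example", "550 5.1.1 User unknown"),
    ("mx.e.example", "250 2.0.0 OK queued"),
]

if __name__ == "__main__":
    for (host, outcome), n in sorted(summarize(SAMPLE).items()):
        print(f"{host:14} {outcome:13} {n}")
```

Receivers that omit the word "DMARC" from the reply text land in the `other-*` buckets, so the counts are a lower bound on policy-related failures.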