#98 closed defect (worksforme)

failure reports should be authenticated

Reported by: mike@… Owned by:
Priority: major Milestone:
Component: dmarc-bis Version:
Severity: - Keywords:


failure reports are currently delivered by email, but the document doesn't have any guidance about authentication either for the sender, or what the receiver should do if it doesn't get a valid DKIM signature or SPF pass. there should be normative language which specifies their respective behaviors.

"Email that delivers the DMARC failure reports of any kind MUST be either signed with a valid DKIM signature from the domain it purports to come from, or must pass an SPF validation [mat: wrong parlance most likely... help]. Receivers SHOULD discard the email report if they cannot be validated as authentic from the sending domain."

Change History (1)

comment:1 Changed 14 months ago by johnl@…

  • Resolution set to worksforme
  • Status changed from new to closed

Sec already says reports must be aligned.

Note: See TracTickets for help on using tickets.