antispamcloud.com (SpamExperts) forensics reports format
Hello, We are parsing dmarc reports using parsedmarc and the forensics reports coming from antispamcloud.com seems not to follow the recommended reporting format (AFRF) and therefore are considered invalid. Maybe is there anyone from SpamExperts in this list that could enlighten me about how we could request to receive the reports in a common format? If I understand correctly that should be the case by default: https://tools.ietf.org/html/rfc7489#section-7.3 When a Domain Owner requests failure reports for the purpose of forensic analysis, and the Mail Receiver is willing to provide such reports, the Mail Receiver generates and sends a message using the format described in [AFRF]; this document updates that reporting format, as described in Section 7.3.1. https://tools.ietf.org/html/rfc7489#section-6.3 rf: Format to be used for message-specific failure reports (colon- separated plain-text list of values; OPTIONAL; default is "afrf"). The value of this tag is a list of one or more report formats as requested by the Domain Owner to be used when a message fails both [SPF] and [DKIM] tests to report details of the individual failure. The values MUST be present in the registry of reporting formats defined in Section 11; a Mail Receiver observing a different value SHOULD ignore it or MAY ignore the entire DMARC record. For this version, only "afrf" (the auth-failure report type defined in [AFRF]) is presently supported. See Section 7.3 for details. For interoperability, the Authentication Failure Reporting Format (AFRF) MUST be supported. Instead we receive it with this format: A message claiming to be from you has failed the published DMARC policy for your domain. Sender Domain: xyz.ch Sender IP Address: x.x.x.x Received Date: Fri, 04 Sep 2020 16:37:40 +0200 SPF Alignment: no DKIM Alignment: no DMARC Results: None, Accept ------ This is a copy of the headers that were received before the error was detected. [then all headers of the offending message here that I removed for this post] Thanks a lot for your infos and help. Kind regards, Sébastien RICCIO SYSTEM ADMINISTRATOR P +41 840 888 888 F +41 840 888 000 M sriccio@swisscenter.com<mailto:sriccio@swisscenter.com>
In article <120a24d4e0da4f2392a25a8140be2a9d@ex1.obs.local> you write:
We are parsing dmarc reports using parsedmarc and the forensics reports coming from antispamcloud.com seems not to follow the recommended reporting format (AFRF) and therefore are considered invalid.
You're right, they're not following the DMARC spec that says the reports are sent in multipart/report ARF format. Followups to the mailop list, where people who know about this stuff are likely to read them. -- Regards, John Levine, johnl@taugh.com, Primary Perpetrator of "The Internet for Dummies", Please consider the environment before reading this e-mail. https://jl.ly
participants (2)
-
John Levine
-
Sébastien Riccio