ietf-svn-bot
commented
4 years ago @freddie@freddieleeman.nl commented
My blog on DMARC reporting and RFC guidelines: https://www.uriports.com/blog/dmarc-reports-ietf-rfc-compliance/
The DMARC aggregate report has an element with the name policy_published. This name would indicate that the elements within, contain the domain's published policy. The current RFC explains this element as PolicyPublishedType.
The comments mention "applied" which is in contrast to the name of the element (policy_published), as some organizations that send aggregate reports do not send failure reports and thus do not "apply" the "fo" (Failure reporting options) element. This particular element's comment also implies that it is optional: "failure reporting options in effect". On the other hand, this element has a default minOccurs value of 1, so it should not be omitted.
If you ask me, the comments are to blame, and that's why so many organizations have a different implementation. I think the element policy_published should just be just that: "the published policy". When a policy tag is omitted in the prolicy because it is optional (adkim, aspf, sp, pct and fo), the tag's default value should be used in the reports.
As the default minOccurs value is 1, I suggest we remove the minOccurs=0 in this situation instead of changing it to minOccurs=1.
resolution_fixedtype_enhancement| by vesely@tana.itNote added by Freddie Leeman in http://bit.ly/dmarc-rpt-schema
The comment before changed to:
Consequently, minOccurs="0" is struck out from elements adkim and aspf.
The phrase "in effect" is struck out from the comment preceding element fo.
Issue migrated from trac:31 at 2022-01-24 16:15:27 +0000