[Top] [All Lists]

Re: [ietf-smtp] MTA-STS reports via HTTPS

2020-04-09 17:06:52
Adoption rates of those looking to receive TLS reports via https are as low as 
those sending them.  Https reports account for about 0.2% of the total reports 
that we send. I would love to see more adoption here, as I agree in your 
thought that they are preferable.  

Our biggest gripe with the current spec is specific to DKIM and the suggestion 
of using a service type declaration of “s=tlsrpt” in the DKIM public key.  
Support for this service type at receiving systems appears to be rather abysmal 
based on our logs and DMARC reports.  While we originally included this service 
type in our key, we’ve since removed it to reduce DMARC failures.

Brian Godiksen

On Apr 9, 2020, at 2:00 PM, John R. Levine <johnl(_at_)iecc(_dot_)com> wrote:

While avoiding actual work I twiddled my STS reporting setup to get reports 
for some of my domains by https rather than mailto.  So far I have one (1) 
report from Socketlabs and nothing from anyone else.

Does anyone else send reports by https?  If anything it's easier than sending 
them by mail since there's no DKIM or other verification needed, just do a 
POST and you're done.

John Levine, johnl(_at_)taugh(_dot_)com, Primary Perpetrator of "The Internet 
for Dummies",
Please consider the environment before reading this e-mail.

ietf-smtp mailing list

ietf-smtp mailing list