Adoption rates of those looking to receive TLS reports via https are as low as
those sending them. Https reports account for about 0.2% of the total reports
that we send. I would love to see more adoption here, as I agree in your
thought that they are preferable.
Our biggest gripe with the current spec is specific to DKIM and the suggestion
of using a service type declaration of “s=tlsrpt” in the DKIM public key.
Support for this service type at receiving systems appears to be rather abysmal
based on our logs and DMARC reports. While we originally included this service
type in our key, we’ve since removed it to reduce DMARC failures.
Thanks,
Brian Godiksen
SocketLabs
On Apr 9, 2020, at 2:00 PM, John R. Levine <johnl(_at_)iecc(_dot_)com> wrote:
While avoiding actual work I twiddled my STS reporting setup to get reports
for some of my domains by https rather than mailto. So far I have one (1)
report from Socketlabs and nothing from anyone else.
Does anyone else send reports by https? If anything it's easier than sending
them by mail since there's no DKIM or other verification needed, just do a
POST and you're done.
Regards,
John Levine, johnl(_at_)taugh(_dot_)com, Primary Perpetrator of "The Internet
for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp
_______________________________________________
ietf-smtp mailing list
ietf-smtp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/ietf-smtp