I just saw an interesting observation on the dmarc-discuss mailing list. Apparently some of the larger providers who are implementing DMARC for inbound email may not be handling some of the grubbier corners of the spec perfectly. That’s not surprising at all – early adopters tend to deploy code that implements early versions of the draft specification – but I can see this particular issue tripping up people who are beginning to deploy DMARC for their outbound mail.
DMARC includes the feature of requesting feedback reports about authentication failures – you just include the email address you want them sent to as a mailto: URI in the rua= and ruf= fields:
ruf=mailto:dmarc-feedback@example.com
Pretty simple. But DMARC extends the usual URI syntax to add an (optional) size limit, by adding an exclamation mark and a size limit at the end:
ruf=mailto:dmarc-feedback@example.com!10m
I’m not sure exactly what would happen if a standard URI parser were used for that field, instead of a DMARC-specific parser, but it might error out (“!” isn’t a valid unescaped character in a mailto: URI) or it might try and send mail to the domain “example.com!10m”. It’s easy to imagine how it might fail.
So if you’re beginning to deploy DMARC and you’re not seeing feedback reports you’re expecting you might want to avoid the size limit extension.
Did anyone really see a size limitation in the wild?
We published an fo=d policy, it looks like nobody is really respecting it (out of the 3 ruf responders). which is a pity, because I had to spend quite some time hunting down the misaligning stream.