Messaging Abuse Reporting Format (MARF) Parameters

Created: 2010-05-26
Last Updated: 2015-03-24
Available Formats: XML
HTML
Plain text

Registries Included Below

Feedback Report Header Fields
Feedback Report Type Values

Feedback Report Header Fields

Registration Procedure(s)

Specification Required

Expert(s)

Scott Kitterman, Murray Kucherawy

Reference

[RFC5965]

Available Formats

CSV

Field Name	Description	Multiple Appearances	Related "Feedback-Type"	Reference	Status
Arrival-Date	date/time the original message was received	No	any	[RFC5965]	current
Auth-Failure	Type of email authentication method failure	No	auth-failure	[RFC6591]	current
Authentication-Results	results of authentication check(s)	Yes	any	[RFC5965]	current
Delivery-Result	Final disposition of the subject message	No	auth-failure	[RFC6591]	current
DKIM-ADSP-DNS	Retrieved DKIM ADSP record	No	auth-failure	[RFC6591]	current
DKIM-Canonicalized-Body	Canonicalized body, per DKIM	No	auth-failure	[RFC6591]	current
DKIM-Canonicalized-Header	Canonicalized header, per DKIM	No	auth-failure	[RFC6591]	current
DKIM-Domain	DKIM signing domain from "d=" tag	No	auth-failure	[RFC6591]	current
DKIM-Identity	Identity from DKIM signature	No	auth-failure	[RFC6591]	current
DKIM-Selector	Selector from DKIM signature	No	auth-failure	[RFC6591]	current
DKIM-Selector-DNS	Retrieved DKIM key record	No	auth-failure	[RFC6591]	current
Feedback-Type	registered feedback report type	No	N/A	[RFC5965]	current
Incidents	expression of how many similar incidents are represented by this report	No	any	[RFC5965]	current
Original-Mail-From	email address used in the MAIL FROM portion of the original SMTP transaction	No	any	[RFC5965]	current
Original-Rcpt-To	email address used in the RCPT TO portion of the original SMTP transaction	Yes	any	[RFC5965]	current
Received-Date	date/time the original message was received (replaced by "Arrival-Date")	No	any	[RFC5965]	historic
Reported-Domain	a domain name the report generator considers to be key to the message about which a report is being generated	Yes	any	[RFC5965]	current
Reported-URI	a URI the report generator considers to be key to the message about which a report is being generated	Yes	any	[RFC5965]	current
Reporting-MTA	MTA generating this report	No	any	[RFC5965]	current
Source-IP	IPv4 or IPv6 address from which the original message was received	No	any	[RFC5965]	current
SPF-DNS	Retrieved SPF record	No	auth-failure	[RFC6591]	current
User-Agent	name and version of the program generating the report	No	any	[RFC5965]	current
Version	version of specification used	No	any	[RFC5965]	current
Source-Port	TCP source port from which the original message was received	No	any	[RFC6692]	current
Identity-Alignment	indicates whether the message about which a report is being generated had any identifiers in alignment as defined in [RFC7489]	No	auth-failure	[RFC7489]	current

Feedback Report Type Values

Registration Procedure(s)

Specification Required

Expert(s)

Scott Kitterman, Murray Kucherawy

Reference

[RFC5965]

Available Formats

CSV

Feedback Type Name	Description	Reference	Status
abuse	unsolicited email or some other kind of email abuse	[RFC5965]	current
auth-failure	email authentication failure report	[RFC6591]	current
fraud	indicates some kind of fraud or phishing activity	[RFC5965]	current
not-spam	Indicates that the entity providing the report does not consider the message to be spam. This may be used to correct a message that was incorrectly tagged or categorized as spam.	[RFC6430]	current
other	any other feedback that does not fit into other registered types	[RFC5965]	current
virus	report of a virus found in the originating message	[RFC5965]	current