Messaging Abuse Reporting Format (MARF) Parameters

Created
2010-05-26
Last Updated
2012-07-23
Available Formats

XML

HTML

Plain text

Registries included below

Feedback Report Header Fields

Registration Procedure(s)
Specification Required
Reference
[RFC5965]
Available Formats

CSV
Field Name Description Multiple Appearances Related "Feedback-Type" Reference Status
Arrival-Date date/time the original message was received No any [RFC5965] current
Auth-Failure Type of email authentication method failure No auth-failure [RFC6591] current
Authentication-Results results of authentication check(s) Yes any [RFC5965] current
Delivery-Result Final disposition of the subject message No auth-failure [RFC6591] current
DKIM-ADSP-DNS Retrieved DKIM ADSP record No auth-failure [RFC6591] current
DKIM-Canonicalized-Body Canonicalized body, per DKIM No auth-failure [RFC6591] current
DKIM-Canonicalized-Header Canonicalized header, per DKIM No auth-failure [RFC6591] current
DKIM-Domain DKIM signing domain from "d=" tag No auth-failure [RFC6591] current
DKIM-Identity Identity from DKIM signature No auth-failure [RFC6591] current
DKIM-Selector Selector from DKIM signature No auth-failure [RFC6591] current
DKIM-Selector-DNS Retrieved DKIM key record No auth-failure [RFC6591] current
Feedback-Type registered feedback report type No N/A [RFC5965] current
Incidents expression of how many similar incidents are represented by this report No any [RFC5965] current
Original-Mail-From email address used in the MAIL FROM portion of the original SMTP transaction No any [RFC5965] current
Original-Rcpt-To email address used in the RCPT TO portion of the original SMTP transaction Yes any [RFC5965] current
Received-Date date/time the original message was received (replaced by "Arrival-Date") No any [RFC5965] historic
Reported-Domain a domain name the report generator considers to be key to the message about which a report is being generated Yes any [RFC5965] current
Reported-URI a URI the report generator considers to be key to the message about which a report is being generated Yes any [RFC5965] current
Reporting-MTA MTA generating this report No any [RFC5965] current
Source-IP IPv4 or IPv6 address from which the original message was received No any [RFC5965] current
SPF-DNS Retrieved SPF record No auth-failure [RFC6591] current
User-Agent name and version of the program generating the report No any [RFC5965] current
Version version of specification used No any [RFC5965] current
Source-Port TCP source port from which the original message was received No any [RFC6692] current

Feedback Report Type Values

Registration Procedure(s)
Specification Required
Reference
[RFC5965]
Available Formats

CSV
Feedback Type Name Description Reference Status
abuse unsolicited email or some other kind of email abuse [RFC5965] current
auth-failure email authentication failure report [RFC6591] current
fraud indicates some kind of fraud or phishing activity [RFC5965] current
not-spam Indicates that the entity providing the report does not consider the message to be spam. This may be used to correct a message that was incorrectly tagged or categorized as spam. [RFC6430] current
other any other feedback that does not fit into other registered types [RFC5965] current
virus report of a virus found in the originating message [RFC5965] current