Messaging Abuse Reporting Format (MARF) Parameters
2010-05-26
2015-03-24
Feedback Report Header Fields
Specification Required
Scott Kitterman, Murray Kucherawy
Arrival-Date
date/time the original message was received
No
any
current
Auth-Failure
Type of email authentication method failure
No
auth-failure
current
Authentication-Results
results of authentication check(s)
Yes
any
current
Delivery-Result
Final disposition of the subject message
No
auth-failure
current
DKIM-ADSP-DNS
Retrieved DKIM ADSP record
No
auth-failure
current
DKIM-Canonicalized-Body
Canonicalized body, per DKIM
No
auth-failure
current
DKIM-Canonicalized-Header
Canonicalized header, per DKIM
No
auth-failure
current
DKIM-Domain
DKIM signing domain from "d=" tag
No
auth-failure
current
DKIM-Identity
Identity from DKIM signature
No
auth-failure
current
DKIM-Selector
Selector from DKIM signature
No
auth-failure
current
DKIM-Selector-DNS
Retrieved DKIM key record
No
auth-failure
current
Feedback-Type
registered feedback report type
No
N/A
current
Incidents
expression of how many similar incidents are represented by this report
No
any
current
Original-Mail-From
email address used in the MAIL FROM portion of the original SMTP transaction
No
any
current
Original-Rcpt-To
email address used in the RCPT TO portion of the original SMTP transaction
Yes
any
current
Received-Date
date/time the original message was received (replaced by "Arrival-Date")
No
any
historic
Reported-Domain
a domain name the report generator considers to be key to the
message about which a report is being generated
Yes
any
current
Reported-URI
a URI the report generator considers to be key
to the message about which a report is being
generated
Yes
any
current
Reporting-MTA
MTA generating this report
No
any
current
Source-IP
IPv4 or IPv6 address from which the original message
was received
No
any
current
SPF-DNS
Retrieved SPF record
No
auth-failure
current
User-Agent
name and version of the program generating the report
No
any
current
Version
version of specification used
No
any
current
Source-Port
TCP source port from which the original message was received
No
any
current
Identity-Alignment
indicates whether the message about which a report is
being generated had any identifiers in alignment as defined in
No
auth-failure
current
Feedback Report Type Values
Specification Required
Scott Kitterman, Murray Kucherawy
abuse
unsolicited email or some other kind of email abuse
current
auth-failure
email authentication failure report
current
fraud
indicates some kind of fraud or phishing activity
current
not-spam
Indicates that the entity providing the report does not
consider the message to be spam. This may be used to correct a
message that was incorrectly tagged or categorized as spam.
current
other
any other feedback that does not fit into other registered types
current
virus
report of a virus found in the originating message
current