Discussion:
[dmarc-discuss] What is the usefulness of choosing 'iodef' versus 'afrf" ?
DMARC via dmarc-discuss
2017-12-06 14:48:09 UTC
Permalink
I've always been a little confused with the distinctions between
the 'iodef' Incident Object Description Exchange Format or 'afrf'
Authentication Failure Reporting Formats.

Obviously, afrf has become the defacto standard, as that's all I see in any
DMARC record that I examine.

I've reviewed https://tools.ietf.org/html/rfc5070 and am no closer to
appreciating the impact of selecting one format over another.

Is this an example where one standard as been publically accepted and the
competing standards are more or less deprecated in deployment ?

Thanks, Jack
Ken O'Driscoll via dmarc-discuss
2017-12-06 16:02:14 UTC
Permalink
Post by DMARC via dmarc-discuss
I've always been a little confused with the distinctions between
the 'iodef' Incident Object Description Exchange Format or 'afrf'
Authentication Failure Reporting Formats.
Obviously, afrf has become the defacto standard, as that's all I see in
any DMARC record that I examine.
I've reviewed https://tools.ietf.org/html/rfc5070 and am no closer to
appreciating the impact of selecting one format over another.
Is this an example where one standard as been publically accepted and the
competing standards are more or less deprecated in deployment ?
My understanding is that IODEF is supported by Incident Response tools so
if you wanted your DMARC reports to feed in to one of those, you'd pick it.

I haven't encountered this use-case yet with a deployment so this is just
my guess.

Ken.

-- 
Ken O'Driscoll / We Monitor Email
t: +353 1 254 9400 | w: www.wemonitoremail.com

Need to understand deliverability? Now there's a book:
www.wemonitoremail.com/book

_______________________________________________
dmarc-discuss mailing list
dmarc-***@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/no
John Levine via dmarc-discuss
2017-12-06 16:37:09 UTC
Permalink
Post by DMARC via dmarc-discuss
Is this an example where one standard as been publically accepted and the
competing standards are more or less deprecated in deployment ?
They're different applications so they use different schemas. DMARC
reports don't describe incidents, and are unlike the stuff IODEF is
generally used for, phishing and DDoS.

There are plenty of applications that use iodef; start here:

http://siis.realmv6.org/implementations/

R's,
John


_______________________________________________
dmarc-discuss mailing list
dmarc-***@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
Loading...