Internet Assigned Numbers Authority • Domains • Protocols • Numbers • About Messaging Abuse Reporting Format (MARF) Parameters Created 2010-05-26 Last Updated 2026-01-09 Available Formats [IMG] XML [IMG] HTML [IMG] Plain text Registries Included Below • Feedback Report Header Fields • Feedback Report Type Values Feedback Report Header Fields Registration Procedure(s) Specification Required Expert(s) Scott Kitterman, Murray Kucherawy Reference [RFC5965] Available Formats [IMG] CSV Field Name Description Multiple Related Reference Status Appearances "Feedback-Type" Arrival-Date date/time the original message was received No any [RFC5965] current Auth-Failure Type of email authentication method failure No auth-failure [RFC6591] current Authentication-Results results of authentication check(s) Yes any [RFC5965] current Delivery-Result Final disposition of the subject message No auth-failure [RFC6591] current DKIM-ADSP-DNS Retrieved DKIM ADSP record No auth-failure [RFC6591] current DKIM-Canonicalized-Body Canonicalized body, per DKIM No auth-failure [RFC6591] current DKIM-Canonicalized-Header Canonicalized header, per DKIM No auth-failure [RFC6591] current DKIM-Domain DKIM signing domain from "d=" tag No auth-failure [RFC6591] current DKIM-Identity Identity from DKIM signature No auth-failure [RFC6591] current DKIM-Selector Selector from DKIM signature No auth-failure [RFC6591] current DKIM-Selector-DNS Retrieved DKIM key record No auth-failure [RFC6591] current Feedback-Type registered feedback report type No N/A [RFC5965] current Incidents expression of how many similar incidents No any [RFC5965] current are represented by this report Original-Mail-From email address used in the MAIL FROM portion No any [RFC5965] current of the original SMTP transaction Original-Rcpt-To email address used in the RCPT TO portion Yes any [RFC5965] current of the original SMTP transaction Received-Date date/time the original message was received No any [RFC5965] historic (replaced by "Arrival-Date") a domain name the report generator Reported-Domain considers to be key to the message about Yes any [RFC5965] current which a report is being generated a URI the report generator considers to be Reported-URI key to the message about which a report is Yes any [RFC5965] current being generated Reporting-MTA MTA generating this report No any [RFC5965] current Source-IP IPv4 or IPv6 address from which the No any [RFC5965] current original message was received SPF-DNS Retrieved SPF record No auth-failure [RFC6591] current User-Agent name and version of the program generating No any [RFC5965] current the report Version version of specification used No any [RFC5965] current Source-Port TCP source port from which the original No any [RFC6692] current message was received indicates whether the message about which a Identity-Alignment report is being generated had any No auth-failure [RFC-ietf-dmarc-failure-reporting-24] current identifiers in alignment as defined in [RFC-ietf-dmarc-failure-reporting-24] Feedback Report Type Values Registration Procedure(s) Specification Required Expert(s) Scott Kitterman, Murray Kucherawy Reference [RFC5965] Available Formats [IMG] CSV Feedback Type Name Description Reference Status abuse unsolicited email or some other kind of email abuse [RFC5965] current auth-failure email authentication failure report [RFC6591] current fraud indicates some kind of fraud or phishing activity [RFC5965] current not-spam Indicates that the entity providing the report does not consider the message to be spam. This may be used [RFC6430] current to correct a message that was incorrectly tagged or categorized as spam. other any other feedback that does not fit into other registered types [RFC5965] current virus report of a virus found in the originating message [RFC5965] current Licensing Terms