Hi everybody.
I use the ‘XML to Human converter’ page to analyze my DMARC reports.
for a report I still have the message
invalid xml file.
when I edit this xml and look at it it seems compliant.
Do you have any idea what’s going on?
Thank you for your answers and for your help!
It is impossible to tell without seeing it.
I found one occasion of invalid XML files in case of a DKIM record containing “k=ed25519”, some reporters don’t understand this and report an empty dkim domain and empty selector. These dmarc reporters only understand “k=rsa”.
they all came from infomaniak.com
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
<org_name>infomaniak.com</org_name>
<email>dmarc@infomaniak.com</email>
<report_id>mycorp.fr:1716426001</report_id>
<date_range>
<begin>1716328800</begin>
<end>1716415200</end>
</date_range>
</report_metadata>
<policy_published>
<domain>mycorp.fr</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>10</pct>
</policy_published>
<record>
<row>
<source_ip>163.172.240.111</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
<reason>
<type>local_policy</type>
<comment>arc=fail</comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<header_from>mycorp.fr</header_from>
</identifiers>
<auth_results>
<spf>
<domain></domain>
<result>pass</result>
</spf>
<dkim>
<domain>mycorp.fr</domain>
<selector>protect</selector>
<result>pass</result>
</dkim>
<dkim>
<domain>mycorp.fr</domain>
<selector>exchange</selector>
<result>pass</result>
</dkim>
</auth_results>
</record>
<record>
<row>
<source_ip>135.125.122.66</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
<reason>
<type>local_policy</type>
<comment>arc=fail</comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<header_from>mycorp.fr</header_from>
</identifiers>
<auth_results>
<spf>
<domain>shared-p100-i7.d.sp1-brevo.net</domain>
<result>softfail</result>
</spf>
<dkim>
<domain>mycorp.fr</domain>
<selector>mail</selector>
<result>pass</result>
</dkim>
</auth_results>
</record>
</feedback>
Hi Eric,
Reports from Infomaniak.com have been blocked due to a large amount of incorrectly reported authentication results from this provider which caused many domain owners to make wrong decision based on incorrect data. We have a contact at this provider and I will follow up with our internal support team to see if they warrant a revisit.
There does seem to still be some issues with how they report data. For instance, reporting a SPF policy of fail, but the check passing without providing a domain checked.
<record>
<row>
<source_ip>163.172.240.111</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
**<spf>fail</spf>**
<reason>
<type>local_policy</type>
<comment>arc=fail</comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<header_from>mycorp.fr</header_from>
</identifiers>
<auth_results>
<spf>
**<domain></domain>**
**<result>pass</result>**
</spf>
<dkim>
<domain>mycorp.fr</domain>
<selector>protect</selector>
<result>pass</result>
</dkim>
<dkim>
<domain>mycorp.fr</domain>
<selector>exchange</selector>
<result>pass</result>
</dkim>
</auth_results>
</record>
Thank you for bringing this to our attention!
Thank you for this very clear answer!
I would like to take this opportunity to tell you that your site is excellent and helps network administrators a lot!
