My experience is that "most" senders are requesting aggregate reports. They start by p=none with a rua= before they move to reject, and this is what we have been advocating people to do.
Aggregate reports could be complicated to do, it obliges you to have an async system. You may want to consider forensic reporting before doing the aggregate report, because this can be done when the email is still inside your MTA. I mean you do not need to store it anywhere for later processing, this is part of your DMARC validation pipeline. Also, if the volume is small to medium, just creating a purpose log with a daily rotation, may be enough for doing aggregate reports. At the end of the day you launch a script to parse these daily reports and create a dmarc report. I did that in python, cf https://github.com/linkedin/dmarc-msys/ Next iteration could be some more fancy reporting requests. From: John Sweet <[email protected]<mailto:[email protected]>> Date: Thursday, September 20, 2012 10:03 AM To: "[email protected]<mailto:[email protected]>" <[email protected]<mailto:[email protected]>> Subject: [dmarc-discuss] Enforcing without reporting (was Re: List manners) Murray -- you're at Facebook now. Shouldn't that be "Like", not "+1"? Actually, I have a serious question. We're working on incorporating DMARC in our service right now. I want to put a feeler out on the desirability of authenticating/enforcing sender's DMARC policies, but not providing reports, as a first step to integration. My sense is that it's valuable to senders to have receivers enforce their (DMARC-defined) ADSP, even in the absence of reporting. It's also valuable to our customers as an anti-phishing measure. Is it better to do this, or to hold off on enforcement until the senders can also get reports from us? Since not all senders request reporting, I assume it's better to enforce than to do nothing at all. I know it's always easier to apologize than to ask permission. I just want to make sure there isn't some side-effect I've overlooked. Thanks, J <http://www.mimecast.com>
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
