Just to speak in favor of the utility of RUF reports... companies that are a significant target of phishing attacks find the real-time failure reports (specifically of their transactional mail) highly useful, especially in conjunction with an active enforcement department. Those who are sending RUF today should be thanked for their willingness to help quickly identify and deal with fraudulent mail.
So, RUF may not be for everyone (e.g. if you can't really do anything with the firehose of failure messages, you probably want to avoid it), but those who can use the information very much appreciate it. I hope that more receivers will find a way to support it. - Trent On 4/29/13 12:09 PM, John Sweet wrote: > Thanks, John and Tim. > > To my mind, this doesn't create a privacy problem any different from > the existing ones around spam filtering, DLP, or NDRs: somebody in an > administrative position may end up looking at message contents. You > have to build well-understood processes and privileges around it, so > you can warn and/or make promises to your users accordingly. It's just > the newest thing to do that. > > What I find puzzling about the Google Apps DMARC page is that it seems > to actively discourage use of the ruf= tag under any circumstances. I > suppose it's easier to say, "we don't support it," than, "using this > can have all kinds of unpleasant consequences, so use only with > extreme caution, and only after you fully understand what they are." > > I think I first heard about DMARC at the 2012 MAAWG in SF. Someone, > either Paul Midgen or one of the Agari guys, likened enabling forensic > reports to drinking from a fire hose. I found that apt. > > J > > On Mon, Apr 29, 2013 at 10:15 AM, John Levine <[email protected]> wrote: >>> Hi John, Google doesn't generate the ruf= type reports. Why? Only >>> Google can say, but my imaginative conjecture is that major providers >>> don't want to handle the support load *and*, because DMARC is >>> relatively new, they don't want to be trailblazers in the "hey, here's >>> a new way to get access to potentially sensitive data" arena. >> Having looked at the reports I do get, I can confirm that ruf reports >> leak all sorts of information about stuff you might not have anticipated. >> As a minimum, you can expect to get a copy of every message that any of >> your users sends to any mailing list. >> >> R's, >> John >> _______________________________________________ >> dmarc-discuss mailing list >> [email protected] >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) > > -- J. Trent Adams Profile: http://www.mediaslate.org/jtrentadams/ LinkedIN: http://www.linkedin.com/in/jtrentadams Twitter: http://twitter.com/jtrentadams _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
