On 04/29/2013 11:48, Matt Simerson wrote:
I'll champion the cause of the ignorant. Just turn on ruf and "see" what comes in. It's a very effective way of figuring out what you are doing, and what effect your DMARC policy made. If you don't find the data useful, turn it off and route the reports to /dev/null.
I'm all for ignorance, but -- wait, no I'm not, and you don't have to be either! Wait for a couple or three aggregate reports to come in and see what kind of volumes are being reported *before* you request failure reports.
The postmasters I've talked to who were disappointed by DMARC almost always turned on failure reports ("ruf=") without understanding how high that volume of reports could be. Even if it didn't cause operational issues, they then looked at thousands of these reports and asked, "What am I supposed to do with all of those?!" As a result they hadn't even looked at the aggregate reports...
Waiting a couple days won't kill you. I'd strongly recommend checking the aggregate reports first, at least for the first sub-/domain you enable them for. Unless you're contracting with a third-party processor and sending the reports to them - in that case, game on.
On that note, if one thought it possible that they'd get a very large quantity of reports, a compelling argument could be made for publishing separate email addresses for rua and ruf reports. :-)
The FAQ recommends separate addresses for "rua" and "ruf," as well as waiting until after you've seen an aggregate report and understand what it tells you.
http://www.dmarc.org/faq.html#s_13 --S. _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
