On Fri, Nov 14, 2014 at 3:22 PM, A. Schulze <[email protected]> wrote:
> like just mentioned in jabber I like to know if and how you handle the > situation > where inbound message should be reported back to the sender > while the sender is clearly not a good guy. > I'm not sure I understand why it might be a problem to send aggregate reports to domains you're already blocking; to the contrary, there might be value in doing so, at least from an "enemy of my enemy" standpoint. If I understand the scenario correctly, there exists one or more domains that you're refusing mail from, domains which also publish DMARC policies. For the purposes of this discussion, we'll focus on just one such domain, wesellstuff.com. Whether or not you care for a given domain's sending practices, it still has a right to its identity and brand, assuming it's legally registered by whatever definition of "legally registered" is applicable. It might even be a legitimate business, albeit one with bad email sending practices. You're refusing mail from the domain wesellstuff.com, and they probably already know that (or should) so your aggregate reports won't tell them anything they don't already know (assuming that the rejection happens deep enough into the SMTP transaction that you can generate reports about it). At the same time, Criminals R Us is sending mail that is attempting to use wesellstuff.com's brand, but this mail either does or does not pass DMARC checks; either way, you're reporting the stats to wesellstuff.com. These reports might give wesellstuff.com enough information to try to take action to get this illegitimate mail stopped, which would be a win for you, as a provider who doesn't want mail from either entity. I guess I could see aggregate reports as a way for a bad guy to test the waters and see what stuff of his is getting through and what's not, but I'm not sure that there's any gain there, when you think about the cost of setting up an infrastructure to process DMARC reports; bounces or "250 ok" is a much more immediate feedback mechanism than aggregate reports that might be delayed by up to 24 hours. It seems to me that the relative anonymity of not publishing DMARC would be a better way to maximize (at least in the short term) one's ability to send a ton of crap. If they think DMARC is the answer to getting their mail accepted, probably the easiest path there is just publish an SPF record of "+all" and don't worry about DKIM signing anything. What am I missing here? -- Todd
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
