I should have pointed out first that this question is unrelated to DMARC. At best, we're discussing a comparable "put a record in the DNS" configuration mechanism for requesting abuse reports. Note in particular that "put abuse contacts into abuse.net" already exists, and isn't being overwhelmed.
The principal means of addressing the privacy issues is the FBL signup process in which (a) the requester enters into an NDA and (b) the FBL service provider (typically a contractor to the receiver, rather than the receiver themselves) vets the applicant organisation and the individual's likely competence to execute the NDA. This can't be entirely automated, meaning that the benefits of universal access that DMARC provides aren't achievable. - Roland ________________________________ From: Gil Bahat <g...@magisto.com> Sent: Tuesday, 29 November 2016 13:33 To: Roland Turner Cc: DMARC Discussion List Subject: Re: [dmarc-discuss] FBL via DMARC? Hi, these are all solvable while still remaining within the DMARC domain: e.g. enabling detailed reports only after a specific signup procedure. most large receivers do have a feedback loop in place, even though not all of them standard. standardization would be really helpful as well as allow better and easier FBL management. I'd really like to see this in the DMARC standard, even if not everyone will apply it (e.g. DMARC failure reports). The privacy considerations are also apparently a non-issue as the overwhelming majority of mail providers (infact everyone but google) provide email-level FBL reports - Yahoo, Hotmail, AOL, mail.ru<http://mail.ru>, yandex, italia online, ... [http://upload.wikimedia.org/wikipedia/commons/thumb/b/bf/Mail.Ru_logo.svg/240px-Mail.Ru_logo.svg.png]<http://mail.ru/> Mail.Ru: ?????, ????? ? ?????????, ???????, ????<http://mail.ru/> mail.ru ????? Mail.Ru - ?????????? ?????????? ?????, ??????? ? ??????? ?????????, ?????????????? ... Gil On Tue, Nov 29, 2016 at 6:55 AM, Roland Turner via dmarc-discuss <dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org>> wrote: I'd hazard a guess that confidentiality constraints get in the way here, for the same reason that most receivers won't provide DMARC failure reports, only aggregate reports. Note that the feedback mechanism for receivers who wish to volunteer reports already exists - and is the origin of DMARC's ARF - that being to send to abuse contacts for the domain or the originating IP address. Those same confidentiality constraints mean that few receivers do so. A further concern for spam filters in particular is that a receiver has to be confident that the domain-owner is a legitimate sender; if not, the abuse reports are a tuning tool for a spammer. No receiver wants to help this happen. - Roland ________________________________ From: dmarc-discuss <dmarc-discuss-boun...@dmarc.org<mailto:dmarc-discuss-boun...@dmarc.org>> on behalf of Jonathan Knopp via dmarc-discuss <dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org>> Sent: Tuesday, 29 November 2016 12:22 To: dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> Subject: [dmarc-discuss] FBL via DMARC? Has there been any discussion about using DMARC to configure spam complaint feedback loops? Currently it is only feasible to register for the big ESPs and can be tough to keep them up to date. DMARC could make this automatic and universal. It would be well within DMARC's mandate of domain reputation protection since it would let you know quickly when someone has infiltrated your systems and is sending spam via your legitimate email path. _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org<mailto:dmarc-discuss@dmarc.org> http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
