On 6/5/2019 10:06 PM, John Levine wrote:
In article <[email protected]> you write:
The high-level point I'm trying to make is that control messages -- such
as DMARC reports -- need to be handled in a fashion that works
automatically and at scale. Since looping is a well-known problem for
such messages, they need to be generated and handled in a way that
prevents the problem.
Right. you can give all the advice you want about sending stuff in
ways that's intended to prevent responses, but since some people will
always ignore your good advice, and any single party only controls one
leg of the loop, the only unlateral way to limit the damage is rate
limiti
Taking your note's plain language, you appear to be of the rather
peculiar view that specifying standards doesn't matter, since people
won't follow them.
Looping is a classic problem. It has classic solutions. Getting the
details of one specified for this case is, of course, different from
getting people to adopt it, but the start is with specifying it.
Having additional, ad hoc mechanisms for dealing with non-compliance is
quite a separate matter.
It's fine to tell people to use null bounce addresses and from:
addresses that don't ask for dmarc reports, but you need to rate limit
anyway.
I looked at the rest of this thread, to see where this point had already
been made, since your note seems to have a tone implying it's an
established point, but I couldn't find it. So again, ad hoc mechanisms
might also be useful, but they are separate.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
