Hi, RUF reports are useful for the organizations to understand that an attack has actually begun (i.e. phishing of bank). This is extremely useful and helpful tool for security teams. It helps them to act faster in reacting to such events i.e. via take down requests of phishing sites.
Kind regards, -- Tõnu Tammer CERT-EE juht / Executive Director of CERT-EE Riigi Infosüsteemi Amet / Estonian Information System Authority Email: [email protected] Mobile: +372 53 284 054 Web: https://cert.ee PGP:0x77A8997 / 9477 6B86 6A1E 849B C456 46D6 9CA8 9E41 77A8 997B On 12.06.2020 15:58, Shehzad Mirza wrote: > Hi All, > > I've been following conversations as best I can via the digest (which > was a bad idea), so switched to single emails. > > Based on what I've heard from those just starting off with DMARC and > have received very few failure reports, it's actually useful to get > some form of them (redacted or not). In one case, all the failure > reports were spam messages. This helped to push the org to get to a > policy of reject as soon as they could. > > For other organizations, which were not getting any failure reports, > the question continuously comes up on how can they determine which > messages are the ones that are failing (and not having to try and dig > through a day's worth of messages to try and figure it out). I think > this is where the failure reports can help to some extent. > > Just my 2 cents, for what it's worth. > > - Shehzad > > > • • • • > Shehzad Mirza > Director of Operations > Global Cyber Alliance > [email protected] <mailto:[email protected]> > (+1) 646 677 5535 (Option 3) > GCA Website <https://www.globalcyberalliance.org/> > > > > GCA Twitter <https://twitter.com/GlobalCyberAlln> GCA Facebook > <https://www.facebook.com/GlobalCyberAlliance/> GCA LinkedIn > <https://www.linkedin.com/company/global-cyber-alliance/> GCA YouTube > <https://www.youtube.com/channel/UCC5x4cUnZqWsV7OqBx1vCOQ> GCA GitHub > <https://github.com/GlobalCyberAlliance/> GCA Email Signup > <https://www.globalcyberalliance.org/#signup> GCA Instagram > <https://www.instagram.com/globalcyberalliance/> GCA Forums > <https://community.globalcyberalliance.org/> > > GCA takes your privacy seriously. To review > our privacy policy, please click here > <https://www.globalcyberalliance.org/privacy-policy/>. > > > > > > > > > > > > > > On Thu, Jun 11, 2020 at 11:40 PM Steven M Jones <[email protected] > <mailto:[email protected]>> wrote: > > On 6/11/20 5:22 PM, Scott Kitterman wrote: > >> On June 11, 2020 6:28:13 PM UTC, Steven M Jones<[email protected] > <mailto:[email protected]>> wrote: > >> ... I also suggested that perhaps potential failure report > generators > >> would be encouraged if they could see examples of reports with > >> different levels of redaction. > > > > I think it's entirely sensible to assess demand before investing > a lot of time in this. ... I think the real question on this > issue is for receivers. Is there anyone working that side of the > equation that would be inspired to send some kind of limited > feedback report where they send none now is they had clearer > examples to work from. > > > I should have said "I speculated," I suppose... While listening to > Autumn I couldn't recall having seen such examples, so I threw the > idea > out there. > > Anyway yes, we should be guided by data where we can get it. But if > we're looking for something better than "anecdata," at the moment > I can > only imagine getting that through a careful survey of a large > number of > non-reporting receivers. And I don't see that happening unless it > covers > a lot more questions than just whether examples of redacted failure > reports would have changed the decision not to send failure reports... > > If there's no sense that it would be useful, no need for further > discussion. > > --S. > > > _______________________________________________ > dmarc mailing list > [email protected] <mailto:[email protected]> > https://www.ietf.org/mailman/listinfo/dmarc > > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
