On Mon 28/Dec/2020 22:20:55 +0100 Todd Herr wrote:
DMARC validation failures can be caused either due to legitimate mail (i.e., mail originated by or on behalf of the publisher of the DMARC policy, a.k.a., the domain owner) failing authentication checks due to a shortcoming in the authentication practices of the domain owner or some other hiccup that occurs in transit, OR by illegitimate mail (i.e., mail not originated by or on behalf of the domain owner, so mail intended to fraudulently impersonate the domain), specifically the kind of mail that DMARC is purported to be designed to stop.
That kind of analysis seems to be missing from the draft. After some years of experience, we should be able to provide some, I'd hope. If not, we'd better bluntly drop the draft.
Personally, I used to receive a few of them. None at all now. The only mention I recall about failure reports was an old article, by Terry Zinc IIRC, where he said they're key for telling abusers from legit operators needing realignment. I don't recall why that info couldn't be derived from the source IPs though.
Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
