Interesting point. In your experience, how often does reporting produce any change in sender behavior?
I have made attempts both to help senders correct their own SPF or DMARC policy, or to get them to stop violating my DMARC policy. As best I can recall, my success rate has been zero. For a responsive organization, finding a problem and getting the change approved is likely to be a time-consuming a quick process. A week turnaround would seem timely, unless they go into emergency mode because lots of mail is being blocked. The spec is confusing because it says (a) failure reports should be sent immediately, (b) failure reports should be aggregated, and (c) failure reports should be throttled but without specifying a limit. Of course, if the cause is a spammer, there is nothing that the domain owner can do at all. I wonder if the rule should be one message per week per source, since any large volume sender will be getting reports from multiple sources. The main problem with this is that law enforcement actions may want to be bombed. DF On Fri, Jan 29, 2021 at 4:00 PM John Levine <[email protected]> wrote: > In article <[email protected]> you write: > >3.3. Transport > > > > Email streams carrying DMARC failure reports MUST conform to the > > DMARC mechanism, thereby resulting in an aligned "pass". Special > > care must be taken of authentication, as failure to authenticate > > failure reports may provoke further reports. > > Reporters SHOULD rate limit the number of failure reports sent > to any recipient to avoid overloading recipient systems. > > > Why would reports due to a mail loop be more of a problem than due to > some random spammer sending a lot of fake mail, or (real life) your > users send mail to mailing lists with thousands of subscribers? Rate > limit your reports, don't worry about where they came from. > > R's, > John > > _______________________________________________ > dmarc mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
