On Tue, 2 Feb 2021, Alessandro Vesely wrote:
> Whatever mechanisms are used, servers MUST
> contain provisions for detecting and stopping trivial loops.

I can tell you from bitter experience that rate limiting is the *ONLY*
reliable way to stop trivial loops. Whatever else you try, something will
eventually change or delete the thing you try to use to recognize loops.

As a concrete example, I get a lot of failure reports from
antispamcloud.com which are not multipart/report and which software would
not recognize as a failure report. Nonetheless, if they got into a
reporting loop, it would be annoying, and rate limiting would stop them.

> Mailbombing in general is not a loop. Two report generators reporting each
> other's failure to authenticate a failure report /is/ a loop.

Sometimes mailbombing is a loop, sometimes it isn't. If the loop is so
slow that it doesn't trigger rate limits, it's not likely to be a
practical problem.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
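
The rate-limiting approach discussed in the message above, as an added example that is not part of the original e-mail or of any DMARC implementation: a per-destination sliding-window cap on outgoing failure reports, plus a simulation of two report generators reporting on each other. The class and function names, the example.com-style addresses and the specific limits are assumptions chosen for illustration.

```python
from collections import defaultdict, deque


class ReportRateLimiter:
    """Sliding-window cap on failure reports sent to any one destination.

    The decision never looks at message content or MIME type, so it still
    works when the looping traffic is not recognizable as a report.
    """

    def __init__(self, max_reports, window_seconds):
        self.max_reports = max_reports
        self.window = window_seconds
        self.sent = defaultdict(deque)  # destination -> send timestamps

    def allow(self, destination, now):
        q = self.sent[destination.lower()]
        while q and now - q[0] >= self.window:  # forget sends outside the window
            q.popleft()
        if len(q) >= self.max_reports:
            return False  # suppress: this is what breaks a loop
        q.append(now)
        return True


def run_loop(limiter_a, limiter_b, hop_seconds, max_hops):
    """Simulate generators A and B each reporting the other's report as a failure.

    Returns how many reports were actually sent before a limiter suppressed
    one (which ends the loop) or max_hops was reached.
    """
    limiters = {"a": limiter_a, "b": limiter_b}
    # Constructed addresses, not real reporting endpoints.
    peer = {"a": "reports@b.example", "b": "reports@a.example"}
    sender, now, hops = "a", 0.0, 0
    while hops < max_hops:
        if not limiters[sender].allow(peer[sender], now):
            break
        hops += 1
        now += hop_seconds
        sender = "b" if sender == "a" else "a"
    return hops


if __name__ == "__main__":
    fast = run_loop(ReportRateLimiter(10, 3600), ReportRateLimiter(10, 3600), 1, 1000)
    slow = run_loop(ReportRateLimiter(10, 3600), ReportRateLimiter(10, 3600), 3600, 50)
    print("fast loop stopped after", fast, "reports; slow loop ran", slow, "hops")
```

A fast loop is cut off as soon as either side hits its cap, while a loop slower than the window is never suppressed and only produces a trickle of reports.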