>Actually, From: domains can request reports even if DMARC p=none. It is >unclear what might be done with these reports, but given what some >domains have done with DMARC already, I for one would not be surprised >if this information was used to color the reputation of the sending server. > >Note that currently, Yahoo.com only requests aggregate reports which *I >think* do not identify the sending server, but AOL.com requests failure >reports as well which are intended to identify servers and actual senders.
I've been collecting DMARC aggregate reports for over two years and have over 40,000 of them. I use some scripts that decompress and parse the reports and put the interesting bits into a mysql database. I also have 22,000 failure reports (fewer providers send them.) The aggregate reports do indeed identify the sending server and are pretty interesting. For some of the larger mail systems, it's clear from the tags in the reports that they have a pretty good idea where the mailing lists are, which makes me wonder why they don't use that info to whitelist around the DMARC damage. I don't see any evidence that DMARC failures alone are likely to get a server blacklisted, although I wouldn't be surprised if it were a factor along with user complaints and spam filter statistics. R's, John PS: The scripts are at http://www.taugh.com/rddmarc/ if you want to play along on your own system. You can (and should) collect DMARC stats without publishing any DMARC policies. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
