On Thu 05/May/2022 12:55:53 +0200 Bernardo Reino via mailop wrote:
On Thu, 5 May 2022, Alessandro Vesely via mailop wrote:
On Fri 29/Apr/2022 18:24:04 +0200 Bernardo Reino wrote:
On Fri, 29 Apr 2022, Tobias Fiebig via mailop wrote:
This might be a bit of a theoretical attack thing, but looking
over the bounces for my nightly outbound DMARC reports I
actually started to wonder about this; (Mostly because I am
getting scared by regularly sending DMARC reports to non
-existing accounts on a major ESP ;-)).>>>
It's scary, and your scenario looks very real.
I regularly get bounces from Google due to DMARC reports being sent to
non-existant addresses handled by Google.
Sorry to be late...
Note that example.com should set rua=mailto:[email protected]; that is, they
should receive reports at their own domain. If they setup a recipient to an
external domain, the latter must acknowledge that setting.
I don't know if that is a requirement. But I have cases like e.g. with
@discourse.org, where the rua is [email protected], so that would be
"OK" as per your comment above.
However, the MX for that domain is aspmx.l.google.com et al. which is what
causes the/a problem.
Yes, that causes some problems.
My last event was this very morning, with:
<[email protected]>: host aspmx.l.google.com[108.177.14.27] said:
550-5.7.1 [65.108.69.105 12] Our system has detected that this message
is 550-5.7.1 likely unsolicited mail. To reduce the amount of spam sent to
Gmail, 550-5.7.1 this message has been blocked. Please visit 550-5.7.1
https://support.google.com/mail/?p=UnsolicitedMessageError 550 5.7.1 for
more information. y32-20020a2ebba0000000b0024f06a6a250si945257lje.307 -
gsmtp (in reply to end of DATA command)
so that is Google rejecting the DMARC report that discourse.org ASKED FOR,
because it considers it to be "unsolicited".
I only received two of those bounces, on March 10. None in 2020, none in 2021.
I used to receive these:
8 450-4.2.1 The user you are trying to contact is receiving mail at a rate that
450-4.2.1 prevents additional messages from being delivered. Please resend
your
450-4.2.1 message at a later time. If the user is able to receive mail at
that
450-4.2.1 time, your message will be delivered. For more information, please
450-4.2.1 visit
450 4.2.1 https://support.google.com/mail/?p=ReceivingRate <token> - gsmtp
They used to come every day until about the end of January. Then slowed down.
That's because I send reports just around midnight (and I know that I'm doing
alright;-). Google limit of one message per second[*] can trigger for DMARC
reporting.
[*] https://support.google.com/a/answer/1366776?hl=en&ref_topic=28609
(OK, I originally mentioned non existent addresses, but being rejected as a
spammer is even worse than that, in my book).
I've even considered stopping sending DMARC reports entirely, as one could
argue that they don't serve any positive purpose for the reporter, and may
even have a negative impact, as you have described.
There /are/ a couple of positive effects for reporters. One, for small
senders, is to contribute scraping out a minimal footprint.
If that "minimal footprint" ends with meaning "Google thinks I send unsolicited
e-mails during the night to addresses that may or may not exist" then I'd
rather live without that footprint ;-)
I currently have 14 (manually added) domains in my "no DMARC reporting list".
When I reach 20 I'll just stop reporting altogether ¯\_(ツ)_/¯
Why? I do that for abuse reporting. I have 384 addresses in my nosend list,
manually added since 2020. Grepping through those is still faster than
retrieving one, methinks.
Best
Ale
--
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
