If I can chime in for a moment, I'd love to see the large mailbox providers
enable forensic reporting for those who have well-formed DMARC records.  I
have clients who are rejecting spoof attempts initiated by competitor
companies.  We'd sure love to see the forensic reporting on that.

On Tue, Sep 13, 2016 at 11:15 AM, Paul Rock via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:

> At AOL we see this as well, and for now we're treating it as "they're
> still figuring this DMARC thing out". If it's someone we have a regular
> relationship with and it's not a blip, we'll reach out and ask what's up.
> If it appears to be a serious issue - a domain getting heavily abused for
> example - we'll also try and reach out.
>
> We're not currently using it as a feature in our reputation systems, so
> not taking your DMARC reports isn't going to impact your reputation here at
> AOL (for now). We consider it bad form, but that's about it.
>
> The @dmarc.org (and similar) reporting addresses make us giggle, but
> again we're not holding that against anyone yet.
>
> As for DoS via DMARC - that's one of the (many) reasons we don't do
> forensic reporting. I can't tell you how many times we've seen small orgs
> with no or misconfigured SPF being abused by spammers with horrible lists
> that generate lots of bounces. We try to catch that before it's too bad for
> the small org, but we've unintentionally crushed a mail server or three
> because of this. What we haven't seen yet, and I'm not really sure it's
> worth the trouble for the bad guys seeing that there are so many easier
> ways to cause trouble, is someone setting up a ton of domains that all send
> reports to a victim/target. Of course, now that I've said that, someone
> will do it tomorrow.
>
> On Sat, Sep 10, 2016 at 12:53 PM, John Levine via dmarc-discuss <
> dmarc-discuss@dmarc.org> wrote:
>
>> >There's a semi-related issue I'm seeing. A number of domains have used
>> >addresses @dmarc.org for their aggregate reports, and some report
>> >generators have not implemented cross-domain reporting authorization
>> >checks. This volume pales in comparison to the volume of spam directed
>> >at the same reporting address, but is anybody else seeing this and
>> >thinks it's a problem?
>>
>> I think you're just observing the truism that no good deed goes
>> unpunished.  Perhaps you could treat it as lead generation, collect
>> the reports and offer to sell advice to both the people sending them
>> and the ones reported on to improve their DMARC setup.
>>
>>
>> >> Do postmasters risk bad reputation if they continue to send DMARC reports?
>> >
>> >Another question a friendly large mailbox provider could possibly answer
>> >for us... Has anybody asked Spamhaus to see if this is on their radar?
>>
>> I'm reasonably sure it is not.
>>
>> >That inspires another question -- has anybody seen a real-world abuse or
>> >DoS involving DMARC reporting? There's a potential there, and I believe
>> >we identified it in the security considerations in RFC7489, but is there
>> >any indication this is a problem that needs more attention?
>>
>> Unless a really gigantic provider pointed their reports at you, it
>> seems unlikely.  I've been collecting reports for a dozen domains
>> since 2012 and the total number of aggregate reports since I've
>> started is less than 100,000, failure reports less than 60,000.
>>
>> R's,
>> John
>> _______________________________________________
>> dmarc-discuss mailing list
>> dmarc-discuss@dmarc.org
>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>>
>> NOTE: Participating in this list means you agree to the DMARC Note Well
>> terms (http://www.dmarc.org/note_well.html)
>>
>
>
>
> --
> PAUL ROCK
> Principal Software Engineer | AOL Mail
> P: 703-265-5734 | C: 703-980-8380
> AIM: paulsrock
> 22070 Broderick Dr.| Dulles, VA | 20166-9305
>
>
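The cross-domain reporting authorization check mentioned in the quoted thread (RFC 7489, section 7.1, "Verifying External Destinations"), sketched from a report generator's side as an added example that is not part of any poster's message. The domain names, the `SAMPLE_TXT` table standing in for DNS, and the two-label `org_domain` shortcut are assumptions made so the example runs offline.

```python
from urllib.parse import urlparse

# Constructed TXT data standing in for live DNS (assumption, not real records).
SAMPLE_TXT = {
    "brand.example._report._dmarc.reports.example.net": ["v=DMARC1"],
    "other.example._report._dmarc.reports.example.net": ["not a dmarc record"],
}

def org_domain(name):
    # Simplification (assumption): last two labels. Production code needs a
    # public suffix list to find the Organizational Domain.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def rua_host(uri):
    # Destination host of a mailto: report URI, ignoring an optional "!size" suffix.
    parsed = urlparse(uri.strip())
    if parsed.scheme.lower() != "mailto" or "@" not in parsed.path:
        return None
    return parsed.path.split("!")[0].rsplit("@", 1)[1].lower()

def is_dmarc_record(txt):
    # Basic parsing: the first tag must be exactly v=DMARC1.
    key, _, value = txt.split(";")[0].partition("=")
    return key.strip() == "v" and value.strip() == "DMARC1"

def authorized(policy_domain, uri, lookup_txt):
    host = rua_host(uri)
    if host is None:
        return False
    if org_domain(host) == org_domain(policy_domain):
        return True  # same organization: no external verification required
    # External destination: it must publish its consent to receive these
    # reports at <policy-domain>._report._dmarc.<destination-host>.
    qname = f"{policy_domain.lower()}._report._dmarc.{host}"
    return any(is_dmarc_record(txt) for txt in lookup_txt(qname))

def report_destinations(policy_domain, dmarc_record,
                        lookup_txt=lambda q: SAMPLE_TXT.get(q, [])):
    # Return only the rua URIs this report generator may send to.
    tags = {}
    for part in dmarc_record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    uris = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return [u for u in uris if authorized(policy_domain, u, lookup_txt)]
```

A generator that skips `authorized()` sends reports to any address a domain owner names, which is the unwanted report volume the thread describes.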