We still see some rate limiting rejections on our RUA address, though a very low percentage. Seems most sites generate their reports on likely "midnight" boundaries, so the result is definitely similar to a very sharp but not long lasting DDOS. It's large enough that it skips right to the perm reject for some of the excess. Completely whitelisting anything is never wise, at the least these things do compete with the regular email load that one might consider more important than these reports. Increasing the allowed rate has been done multiple times, but apparently it's exceeding the last attempt yet again.
And honestly, I never expected anyone would care about the bounces or would really pay attention to them. A small fraction of reports missing is unlikely to change the information we derive from them, especially as the "who" we bounce probably changes from day to day. Brandon On Thu, Apr 16, 2020 at 3:07 PM Jonathan Kamens via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > On 4/15/20 3:48 PM, John Levine wrote: > > In article <65960f35-16b5-7889-5db1-c5c678015...@kamens.us> > <65960f35-16b5-7889-5db1-c5c678015...@kamens.us> you write: > > For your edification, below, in domain rank order (from > thehttps://domcop.com/openpagerank/ API), are the ranked domains that have > bounced at least one DMARC aggregate report my mail server has tried to > send them since I started tracking this in September 2018. > > There are a lot of domains on this list that are big enough that they > really should be able to handle something as critical as not bouncing > aggregate reports sent to the email address they advertise for them. > > One rejected report in about 500 days is an 0.2% bounce rate. That seems > a bit extreme. > > I said *at least* one, not *exactly *one. Once a site bounces a report I > add them to an exclude list and stop trying to send them reports, so I > don't actually know how many bounces any of these domains generated. I > doubt it's just one. > > Do you have an idea of why they're being rejected? Yahoo in > particular sometimes has bad days (I think due to DDoS) and defers or > fails to accept mail to anyone. It's nothing personal. > > Reports whose delivery were deferred don't show up on my list; it's just > for reports that were permanently bounced. And personally, I don't care why > they bounced. Rejecting the reports means more work for the servers sending > them and the people who maintain those servers, assuming that those people > are trying to do the right thing as opposed to just black-holing bounces. > If a site doesn't want to process the reports for whatever reason then they > should accept them and throw them away, not bounce them. In my opinion It's > a bad look for domains that can't manage even that reliably. > > When I first started maintaining the list of domains not to generate > reports for, I did keep track of why they were bouncing, though I don't do > that anymore. Here are some of the bounce causes I saw (not a comprehensive > list, obviously): > > youtube.com: rate limiting on the RUA mailbox > google.com: rate limiting on the RUA mailbox > flattr.com: message content rejected > trendmicro.com: connection timed out (for several days) > pobox.com: DMARCIFY appears to be out of commission; Pobox has since > switched to fastmaildmarc.com > > jik > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
