On Wed, Feb 28, 2024 at 6:27 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> I interpret your data differently. These domains collected data until it
> was clear that they could safely move to enforcement. Thereafter, they
> saw no need to study reports, at least until their configuration changes.
> Daily reporting is perceived as a waste of system and staff resources.
>
> I suggested an errors-only reporting option, which would allow for error
> monitoring without the wasted resources, but it was discarded by the group.
>

Not all DMARC passes are intentional passes. The SPF upgrade attacks that we've witnessed over the past year or so and too-permissive SPF records in general are but two examples of where DMARC passes can occur for mail that was not authorized by the Domain Owner. A reporting model that only reports failures would not reveal these flows to the Domain Owner.

Please note that I am explicitly NOT arguing for a DMARC mechanism that does not rely on SPF; in fact I oppose such a thing at this time. Rather, I submit that it behooves Domain Owners to routinely clean and manage their SPF records to mitigate against risk of these sorts of attacks, and DMARC aggregate reports are a tool that can be used to do so.

--
*Todd Herr* | Technical Director, Standards & Ecosystem
*e:* todd.h...@valimail.com
*p:* 703-220-4153
*m:* 703.220.4153
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
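The difference between the two reporting models discussed in this message, as an added example that is not part of the original thread: it reads a constructed aggregate report (RFC 7489 element names) and compares what a failures-only view shows with what a review of passing rows shows. The sample report, the `KNOWN_SENDERS` inventory and all function names are assumptions made for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample report; addresses are from the documentation ranges.
SAMPLE_REPORT = """<feedback>
<record><row><source_ip>192.0.2.10</source_ip><count>120</count>
 <policy_evaluated><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row></record>
<record><row><source_ip>198.51.100.77</source_ip><count>43</count>
 <policy_evaluated><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row></record>
<record><row><source_ip>203.0.113.5</source_ip><count>7</count>
 <policy_evaluated><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row></record>
</feedback>"""

# Assumption: the Domain Owner's inventory of networks it really sends from.
KNOWN_SENDERS = [ipaddress.ip_network("192.0.2.0/24")]

def parse_rows(xml_text):
    # Real reports are untrusted input; parse them with a hardened XML parser.
    rows = []
    for row in ET.fromstring(xml_text).iter("row"):
        pe = row.find("policy_evaluated")
        rows.append({
            "ip": ipaddress.ip_address(row.findtext("source_ip").strip()),
            "count": int(row.findtext("count")),
            "dkim": pe.findtext("dkim"),
            "spf": pe.findtext("spf"),
        })
    return rows

def dmarc_pass(r):
    # DMARC passes when either aligned mechanism passes.
    return r["dkim"] == "pass" or r["spf"] == "pass"

def failures_only(rows):
    # What an errors-only report would contain.
    return [r for r in rows if not dmarc_pass(r)]

def unexpected_passes(rows, known=KNOWN_SENDERS):
    # Passing mail from sources outside the owner's inventory.
    return [r for r in rows if dmarc_pass(r) and not any(r["ip"] in n for n in known)]
```

In the sample, the 43 messages from 198.51.100.77 pass on SPF alone and never appear in the failures-only view, which is the kind of flow that points to an SPF record in need of cleanup.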