On Thu 14/Jan/2021 16:24:33 +0100 Murray S. Kucherawy wrote:
On Thu, Jan 14, 2021 at 1:22 AM Steven M Jones <s...@crash.com> wrote:
On 1/13/21 20:29, Murray S. Kucherawy wrote:
3) always generate forensic reports as the null sender, and specify that
forensic reports should never be generated in response to the null
sender >>
I suppose that would meet the goal, but what would be lost along the way?
What keeps coming to mind is the advice I've seen to have your bounce
messages authenticate with DMARC - if a sender does that or is in the
process of implementing it, they might want whatever forensic reports they
could potentially get...
Another way is to set the From: domain to a subdomain having a DMARC record
with neither rua= nor ruf=. I use noloop.tana.it for aggregate reports.
I'm also not a fan of the idea of treating different bounce messages in
different ways. That seems like avoidable complexity. Do we want to ever
send back a forensic report for something from the null sender, irrespective
of what's in it?
It might be interesting to know if regular NDNs are authenticated all right.
As they have the null sender, rule (3) prevents that feedback.
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
