On Sat 30/Jan/2021 13:51:56 +0100 Douglas Foster wrote:
Interesting point.
[...]
The spec is confusing because it says (a) failure reports should be sent
immediately, (b) failure reports should be aggregated, and (c) failure
reports should be throttled but without specifying a limit.
I wonder if the rule should be one message per week per source, since any
large volume sender will be getting reports from multiple sources. The
main problem with this is that law enforcement actions may want to be
bombed.
This point deserves its own ticket. While we have a ri= tag (to be revised,
see Tickets #50 and #71) and !size limits for aggregate reports, failure report
consumers don't have a way to express the amount or frequency of feedback they
want.
On Fri, Jan 29, 2021 at 4:00 PM John Levine <jo...@taugh.com> wrote:
In article <db72db79-272e-5d52-8994-4da81c872...@tana.it> you write:
3.3. Transport
Email streams carrying DMARC failure reports MUST conform to the
DMARC mechanism, thereby resulting in an aligned "pass". Special
care must be taken of authentication, as failure to authenticate
failure reports may provoke further reports.
Reporters SHOULD rate limit the number of failure reports sent
to any recipient to avoid overloading recipient systems.
I haven't yet modified this, but I mostly agree.
Why would reports due to a mail loop be more of a problem than due to
some random spammer sending a lot of fake mail, or (real life) your
users send mail to mailing lists with thousands of subscribers? Rate
limit your reports, don't worry about where they came from.
Rate limiting usually implies a number of buckets. They are managed by
imposing limits per time periods, which can be either server-global or per
bucket. Normally, for MSA usage, one has one bucket per user. I have never
implemented failure reporting, but I'd guess buckets may vary. Besides the
signing domain (which determines the report consumer), the receiving address,
the sender and the spam flag may deserve their own buckets.
Thoughts?
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
