On Sun 31/Jan/2021 21:02:38 +0100 John Levine wrote:
In article <49b248dc-91a7-7f2d-ba28-72fe8d6d3...@tana.it> you write:
Rate limiting usually implies a number of buckets. They are managed by
imposing limits per time periods, which can be either server-global or per
bucket. Normally, for MSA usage, one has one bucket per user. I have never
implemented failure reporting, but I'd guess buckets may vary. Besides the
signing domain (which determines the report consumer), the receiving address,
the sender and the spam flag may deserve their own buckets.
The only one that matters for DMARC reporting is the recipient
address, since the purpose of rate limiting is to avoid overloading
the recipient mail system. I wouldn't worry about trying to send a
"representative" set of reports.
Keep in mind that very few people send failure reports at all.
True, it's not worth suggesting a super duper rate limiting.
Committed text:
3.3. Transport
Email streams carrying DMARC failure reports MUST conform to the
DMARC mechanism, thereby resulting in an aligned "pass". Special
care must be taken of authentication, as failure to authenticate
failure reports may result in mail loops.
Reporters SHOULD rate limit the number of failure reports sent to any
recipient to avoid overloading recipient systems.
Not MUST?
Best
Ale
--
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
