On Sun, Jan 8, 2023 at 2:17 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> re: "These are not forensic reports" > The purpose of aggregate reports is to define WHERE a problem occurs, > while the purpose of a forensic report is to define WHY a problem occurs. > (e.g. "Why do my DKIM signatures fail when sent to example.com on > Thursdays?") The problem with Source IP alone is that it does not > adequately answer the WHERE question. Perhaps you have never had to find > a computer behind a many-to-one NAT, but it happens. > Perhaps I did architect and run a system with many thousands of server instance on-prem, colo, cloud and 3rd party vendors, including integration of systems from acquisitions... and all without EHLO in aggregate reports... and all without paying a 6-figure consulting fee to find all of our mail sources and get them configured for DKIM signing. You make it sound as if without EHLO, all is lost. As far as finding a server in a pool behind NAT/PAT implementations, that isn't all that difficult - more like drudge work. I've done it on implementations that involve both local load balancing and wide area load balancing. I'm not exactly sure what point you are trying to make. > > Aggregate reports are most useful to organizations with a mail environment > which is so complex that they can justify a 6-figure consulting engagement > to find all of their mail sources and get them configured with DKIM > signing. These are the ones that are likely to need HELO information to > complete their rollout. I am also thinking of DMARC-participating PSOs, > which will be interested in maximum available information about DMARC > failures. > Aggregate reports are useful to ANY organization interested in implementing email authentication to protect their sending domains. Organizations with large complex environments are in the best position to find all their mail sources and get them configured properly for SPF/DKIM/DMARC. Smaller organizations tend to lack the internal resources and the knowledge to create and maintain proper implementations. Michael Hammer
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc