A spammer might send millions of impersonation mails to thousands of recipients. If that happens, the failure report receiver must be able to handle the volume in the same manner as a denial of service attack. Reporting to anything other than a specialized organization seems very risky.
DF On Fri, Jun 13, 2025, 11:56 AM Dotzero <[email protected]> wrote: > > > On Fri, Jun 13, 2025 at 10:26 AM Alessandro Vesely <[email protected]> wrote: > >> On Wed 11/Jun/2025 13:56:50 +0200 John R Levine wrote: >> > >> > I really do not understand what point you are making here. People find >> > aggregate reports useful enough to build businesses around them. But >> failure >> > reports are useless. >> >> >> I can hardly believe it. Unless you're getting a reward for receiving >> useless messages, why on earth do you have this record? >> >> "v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto: >> [email protected]; psd=n;" >> >> If ruf= indicates something, I looked at the records of DNSWL subscribers: >> >> /var/lib/rbldns/domain.list: 23488 records >> 16945 DMARC records (72.00%) >> 13154 rua (56.00%) >> 8622 ruf (36.00%) >> >> >> That seems to indicate that failure reports are less popular than >> aggregate ones, but a number of domains want them. >> >> Best >> Ale >> -- > > > Ale, can you show the top 10 or 20 domains (and number of domains pointing > to them) receiving the RUF reports? I have a feeling it skews towards > intermediaries such as Agari, Valimail and Dmarcian. > > TIA > > Michael Hammer > _______________________________________________ > dmarc mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
