Another action is to contact infrastructure vendors to file abuse reports against bad clients. I do this on some incoming messages, while failure reports would give me the ability to do so on impersonated messages when the recipient dores not complain or recipient response is unknown.
Since failure reporting is restricted to authentication issues, we can minimize the privacy concern by limiting what is reported. The spec should say that body and subject content MUST be redacted (even though these are sometimes convenient because they may give proof of malicious intent.) On Sat, Jun 14, 2025, 4:19 AM Alessandro Vesely <[email protected]> wrote: > On Sat 14/Jun/2025 04:58:13 +0200 John R Levine wrote: > > On Fri, 13 Jun 2025, Alessandro Vesely wrote: > >> On Wed 11/Jun/2025 13:56:50 +0200 John R Levine wrote: > >>> > >>> I really do not understand what point you are making here. People > find > >>> aggregate reports useful enough to build businesses around them. But > >>> failure reports are useless. > >> > >> I can hardly believe it. Unless you're getting a reward for receiving > >> useless messages, why on earth do you have this record? [ with ruf= ] > > > > I set up my DMARC records in 2012 and have been collecting reports for > the past > > 13 years. I have gotten 597,000 aggregate reports and 93,000 failure > reports. > > All of the failure reports take up less than 800MB, an insignificant > amount of > > disk space these days. A little script puts summary into info a > database which > > is another 32MB. > > > > The reason I know that failure reports are useless is that I have a > collection > > from over a decade and the most interesting thing they've ever told me > is who > > at LinkedIn subscribes to the same mailing lists I do. > > > That's the mailing list problem in action. It could be tackled by asking > the > report generators to omit reporting failures due to mailing lists, e.g. > through > subscriptions tracking. Had we solved this problem, you would not have > received any reports, which wouldn't be sufficient to conclude that they > are > useless. > > > Best > Ale > -- > > > > > _______________________________________________ > dmarc mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
