In article <29174612-a051-8066-9dde-2afaf181c...@dcrocker.net> you write: >The high-level point I'm trying to make is that control messages -- such >as DMARC reports -- need to be handled in a fashion that works >automatically and at scale. Since looping is a well-known problem for >such messages, they need to be generated and handled in a way that >prevents the problem.
Right. you can give all the advice you want about sending stuff in ways that's intended to prevent responses, but since some people will always ignore your good advice, and any single party only controls one leg of the loop, the only unlateral way to limit the damage is rate limiting. It's fine to tell people to use null bounce addresses and from: addresses that don't ask for dmarc reports, but you need to rate limit anyway. _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
