Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-02-03 Thread John R Levine
On Tue, 2 Feb 2021, Alessandro Vesely wrote: Whatever mechanisms are used, servers MUST contain provisions for detecting and stopping trivial loops. I can tell you from bitter experience that rate limiting is the *ONLY* reliable way to stop trivial loops. Whatever e

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-02-02 Thread Alessandro Vesely
On Mon 01/Feb/2021 17:29:23 +0100 John R Levine wrote: 3.3.  Transport   Email streams carrying DMARC failure reports MUST conform to the   DMARC mechanism, thereby resulting in an aligned "pass".  Special   care must be taken of authentication, as failure to authenticate   failure reports may r

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-02-01 Thread Dotzero
On Sun, Jan 31, 2021 at 3:02 PM John Levine wrote: > In article <49b248dc-91a7-7f2d-ba28-72fe8d6d3...@tana.it> you write: > >Rate limiting usually implies a number of buckets. They are managed by > >imposing limits per time periods, which can be either server-global or > per > >bucket. Normally

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-02-01 Thread John R Levine
3.3. Transport Email streams carrying DMARC failure reports MUST conform to the DMARC mechanism, thereby resulting in an aligned "pass". Special care must be taken of authentication, as failure to authenticate failure reports may result in mail loops. Reporters SHOULD rate limit the

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-02-01 Thread Alessandro Vesely
On Sun 31/Jan/2021 21:02:38 +0100 John Levine wrote: In article <49b248dc-91a7-7f2d-ba28-72fe8d6d3...@tana.it> you write: Rate limiting usually implies a number of buckets. They are managed by imposing limits per time periods, which can be either server-global or per bucket. Normally, for MSA

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-01-31 Thread John Levine
In article <49b248dc-91a7-7f2d-ba28-72fe8d6d3...@tana.it> you write: >Rate limiting usually implies a number of buckets. They are managed by >imposing limits per time periods, which can be either server-global or per >bucket. Normally, for MSA usage, one has one bucket per user. I have never

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-01-31 Thread Alessandro Vesely
On Sat 30/Jan/2021 13:51:56 +0100 Douglas Foster wrote: Interesting point. [...] The spec is confusing because it says (a) failure reports should be sent immediately, (b) failure reports should be aggregated, and (c) failure reports should be throttled but without specifying a limit. I wonder i

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-01-30 Thread Douglas Foster
Interesting point. In your experience, how often does reporting produce any change in sender behavior? I have made attempts both to help senders correct their own SPF or DMARC policy, or to get them to stop violating my DMARC policy. As best I can recall, my success rate has been zero. For a r

Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not

2021-01-29 Thread John Levine
In article you write: >3.3. Transport > >Email streams carrying DMARC failure reports MUST conform to the >DMARC mechanism, thereby resulting in an aligned "pass". Special >care must be taken of authentication, as failure to authenticate >failure reports may provoke further repor