In article <20190525183556.horde.zvg1bnsybvs_enkzpkjl...@webmail.aegee.org> you write:
>Consider this scenario: an email from a domain, with DMARC policy
>“p=reject; ruf=postmaster@domain” fails validation. A
>message-specific report is sent to postmaster@domain. The report is
>bounced (or there is any reply on it) and the reply is again From:
>that domain and does not validate DMARC.

On further consideration, I was reminded about all the mail loops I had to deal with back when I was running autoresponders. What I discovered is that there is nothing you can put in your messages which will prevent mail loops, since there will always be someone at the other end that will respond anyway.

What you have to do is rate limit. For example, if you see that you've sent more than five failure reports in an hour to a particular address, don't send any more reports to that address during the next hour, even if mail comes in that would get a report.

You can tune the time period and threshold, but so long as the time period is longer than a cycle of the mail loop, they don't matter much.

--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
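
The rate limit described in the message above, sketched as an added example that is not part of the original post or of any DMARC implementation. The class name, the `simulate_loop` helper and the sample address are assumptions; the defaults (five reports, one-hour window, one-hour hold-off) are the figures from the message.

```python
from collections import defaultdict, deque


class ReportRateLimiter:
    """Per-recipient limiter for failure reports (hypothetical helper).

    Once more than `threshold` reports have gone to one address within
    `window` seconds, nothing more is sent to it for `holdoff` seconds.
    """

    def __init__(self, threshold=5, window=3600, holdoff=3600):
        self.threshold = threshold
        self.window = window
        self.holdoff = holdoff
        self._sent = defaultdict(deque)   # address -> send timestamps
        self._blocked_until = {}          # address -> end of hold-off

    def allow(self, address, now):
        """Return True and record the send if a report may go out at `now`."""
        key = address.strip().lower()     # one bucket per mailbox spelling
        if now < self._blocked_until.get(key, 0):
            return False                  # still inside the hold-off
        sent = self._sent[key]
        while sent and sent[0] <= now - self.window:
            sent.popleft()                # forget sends outside the window
        sent.append(now)
        if len(sent) > self.threshold:    # "more than five in an hour"
            self._blocked_until[key] = now + self.holdoff
        return True


def simulate_loop(limiter, address, interval, duration):
    """Count reports sent when a looping reply arrives every `interval` s."""
    return sum(limiter.allow(address, t) for t in range(0, duration, interval))


if __name__ == "__main__":
    # Constructed scenario: one bounce per minute for three hours.
    sent = simulate_loop(ReportRateLimiter(), "postmaster@example.org", 60, 3 * 3600)
    print(f"{sent} reports sent out of {3 * 3600 // 60} triggering messages")
```

With a one-minute loop cycle the limiter lets through 18 of 180 would-be reports, and because the check is keyed only on the recipient address it works regardless of what the looping replies contain.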