>When an MTA is misconfigured, if reports are sent in real-time via
>email, every remote site that connects to the broken MTA will
>generate a new email generating a notification flood. This is
>much less likely to happen with DMARC.

For one thing, DMARC notifications come in clusters all the time. If you send a message to a large mailing list like NANOG, or some botnet uses fake return addresses in your domain, you'll get a big blat of failure reports.

For another, so what? If you're a large mail system, you scale things so you can handle the reports you get. This is not a new or unsolved problem.

>I should point out the providers with large hosting mail farms
>are not the problem we need to worry about. Frankly, they can
>damn-well quite effectively monitor themselves!

This news may come as a surprise to the large hosting mail farms whose employees are the authors of this draft. Perhaps they can let us know what their concerns and experience are.

> It is the long tail of much smaller domains where SMTP transport security
> needs an effective alerting channel.

So they can point the reports at some place like dmarcian.com, which does the analysis for small mail systems for free.

Once again, this is not a new problem, and practical solutions are well known to people who take a few seconds to look for them.

R's,
John
