---------- Forwarded message ---------
From: Douglas Foster <[email protected]>
Date: Mon, Jan 25, 2021 at 8:32 PM
Subject: Re: [dmarc-ietf] Reports helping spammers? (#81)
To: Alessandro Vesely <[email protected]>

Yes, I think you are right, the information loss to bad actors is limited, while the benefits of information release may be pretty valuable to good actors.

For reporting users, a "non-aligned" raises important questions: If it is a legitimate forward, the sender probably wants it accepted. If it is a legitimate forward that the sender wants delivered, but the recipient blocked because of DMARC, then the sender has to decide whether to drop back to p=none or From rewrite. All of this is much easier to evaluate if the sender provides some disposition feedback. I think we can say something along these lines in the security considerations.

You said that the disposition="none" or "sampled out" should only mean "Not blocked because of DMARC evaluation", without making any indication of whether the message was blocked for any other reason. I will rest easier if this concept is articulated clearly in the document. It is a big document and I tend to read it in pieces, so perhaps it is there and I missed it.

To my original question, I don't think I would ever send a report to a domain that has a negative reputation, or a domain with no reputation that came from a source with negative reputation. I don't want those people talking to me, so I have no intention of talking to them. That still allows for notifying positive-reputation domains if a negative-reputation source abuses their domain.

Doug Foster

On Mon, Jan 25, 2021 at 6:03 AM Alessandro Vesely <[email protected]> wrote:

> On Sat 23/Jan/2021 15:13:53 +0100 Douglas Foster wrote:
> >
> > I can fully endorse Murray's position that alignment reporting is
> > beneficial, even when the sending domain is malicious. However, it is
> > also off-topic. My focus is on disposition reporting, not alignment
> > reporting.
>
> I see.
>
> > Bottom line: The perceived risk of disposition reporting will differ
> > with each person, and therefore with each reporting domain. The
> > specification would be improved by providing a way for skeptical
> > domain owners to redact information that they do not wish to disclose.
> > Currently, the options are to (a) not report at all, or (b) report
> > ambiguous and slightly misleading information such as
> > "disposition=quarantine, overridereason=other". A better option would
> > be to have options to state "disposition=not specified,
> > overridereason=not specified".
>
> The information that reports actually disclose is when they say why the
> disposition differs from what the author's domain asked. That info is
> given in the comment field, which can be "forwarded", "sampled_out",
> "trusted_forwarder", "mailing_list", "local_policy", or any other reason.
> This field is already optional.
>
> Saying "none" without explaining why doesn't really disclose much, does it?
>
> Best
> Ale
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
