On 1/26/21 11:24, Michael Thomas wrote: > > Here's a very basic question: if I do not know all of the IP addresses > that send on my behalf, are DMARC reports of any value? > No, an organization is not assumed to have perfect knowledge of all their authorized sending sources. If that were common, there would have been much less need for DMARC in the first place.
One of the primary goals of DMARC (IMO) is to help organizations identify sending sources that have to be /investigated/. Some may be vendors who were engaged outside the normal email operational processes, most are likely just transient spam sources. But you won't know which is which until you at least take a cursory look. All of which requires those DMARC aggregate reports, and benefits from failure reports if you can get them -- and that the domain owner, or somebody acting on their behalf, *examines* those reports. Organizations using email should have at least some policies and procedures that cover all these things - and that is a very large topic that this isn't the right place to explore. > Enterprises farm out email all of the time and it could be difficult > to know when they change their server addresses, etc. > Yes, which is part of why even organizations that have gone through a long deployment process and arrived at their desired "end state" find value in continuing to receive and monitor reports. As you touch on, vendors don't always tell you about such changes in advance. You have to examine reports and, from time to time, take some action. --S. _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
