On 1/26/21 1:44 PM, Todd Herr wrote:
> On Tue, Jan 26, 2021 at 4:19 PM Michael Thomas <[email protected]> wrote:
>
> > I don't see how time helps anything if I can't differentiate
> > between our legitimate traffic and attacker traffic. All an
> > attacker would need to do is send a mail cannon to mimic Marsha in
> > Marketing every once in a while and the entire thing resets. If it
> > is a requirement to know all of the legitimate IP addresses in
> > order to make use of the reports as an indicator, the draft should
> > be very explicit about that.
>
> Forgive me; I have failed to get my point across in a way that
> conveyed my meaning. Let me try again.
>
> My use of the word "Time" was intended to mean, effectively,
> "experience, wisdom, and knowledge" all of which would be gained
> through regular (for me it was daily) analysis of the latest DMARC
> aggregate reports. Through the time spent analyzing those reports, one
> would obtain a fuller picture of one's organization's mail flows,
> gaining a knowledge that can really only come from immersion in the data.

I have written this up and it is now issue #101.
Mike
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc