Yesterday on the NANOG list someone (names elided to protect the sort of innocent) was complaining that he was getting DMARC failure reports for his domain with a p=none DMARC record.
He insists that the failure reports mean something is wrong, the list needs to make them go away, which of course means rewriting headers to make it harder to tell who each message was from. I suggested that if he doesn't want the reports he's asking for he should not ask for them, or perhaps use a three line procmail script to sort the obviously benign list ones, but he's sure it's the list's fault. This morning on Twitter @mnot noted with alarm that failure reports about list messages give you a pretty good idea about who some of the list subscribers are, which is true, and that it's something a list operator can turn on or off, which is not. I don't think there's anything to change in the way failure reports work, but we need to say a lot more about what they mean and how they're used. - Failure reports will leak info about sender and recipient, even if you redact them - Most recipients don't send them. Are you sure you want to? - Many reports have entirely innocent causes such as courtesy forwards and mailing lists. These are not a problem; there is nothing to fix unless, I suppose, your domain isn't supposed to be sending to forwards and mailing lists. - There's a whole lot of false alarms. Are you SURE you want to? - Many reports ignore the spec and send random formats so you have to be prepared for that. - Are you REALLY sure you want to send them? Looking at my reports for the past week, there's a bunch from Linkedin and ISC, a fair number from mailspamprotection.com, which appears to be hosting provider Siteground, in an invalid format, and from antispamcloud.com, in the same invalid format, and a sprinkle from what look like one-person mail servers running the OpenDMARC milter. The main document seems to be close to done so I'd be happy to help with the failure reporting one. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
