I used the term "side effect" to highlight the limitations of aggregate reporting when we attempt to apply it to servers not under domain owner control.
An unauthenticated message source is not necessarily hostile or unwanted by the recipient, and the difference is not known to a domain owner reviewing aggregate report data. Even when a hostile action is occurring, it is probably not actionable. In the U.S., the FBI isn't interested in a cyber crime report until the reporting entity has evidence of $10,000 in losses. Again, this requires information that domain owners do not possess. It is difficult to establish that the effect on domain owner reputation has a specific cash value, so the domain owner needs to know the impact on recipients. When law enforcement becomes willing to investigate, their investigation may be blocked by national boundaries. Consequently, all the domain owner can really do is: 1) ensure that his messages will pass SPF and DMARC at first hop, and 2) publish p=reject to let the world know that this has been done. Doug
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
