Re: [dmarc-ietf] Report bombing is a problem, Forensic report loops are not
Dotzero <dotzero@gmail.com> Mon, 01 February 2021 21:58 UTC
From: Dotzero <dotzero@gmail.com>
Date: Mon, 01 Feb 2021 16:58:17 -0500
Message-ID: <CAJ4XoYe54BLvHOn3vuPr9VUPmqPUTq_Pdt91jOSRsUAfL+uO5A@mail.gmail.com>
To: IETF DMARC WG <dmarc@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/bZN38HKfpiGKLE2IejVsidd3Fu4>

On Sun, Jan 31, 2021 at 3:02 PM John Levine <johnl@taugh.com> wrote:

> In article <49b248dc-91a7-7f2d-ba28-72fe8d6d356a@tana.it> you write:
> >Rate limiting usually implies a number of buckets. They are managed by
> >imposing limits per time periods, which can be either server-global or per
> >bucket. Normally, for MSA usage, one has one bucket per user. I have never
> >implemented failure reporting, but I'd guess buckets may vary. Besides the
> >signing domain (which determines the report consumer), the receiving address,
> >the sender and the spam flag may deserve their own buckets.
>
> The only one that matters for DMARC reporting is the recipient
> address, since the purpose of rate limiting is to avoid overloading
> the recipient mail system. I wouldn't worry about trying to send a
> "representative" set of reports.
>
> Keep in mind that very few people send failure reports at all.
>

My experience is that most failure reports are provided through private channels where there are contractual agreements in place to deal with potential privacy and legal issues. This may be through intermediaries or direct between the parties (sending organization and receiving organization). Understand that the DMARC effort came about because the original participants felt it was useful in the private exchange of information between senders and receivers. We felt it was better as an open standard rather than as a private club. From my perspective it is unfortunate that we can't seem to find a way to implement a system where failure reports are available other than through private channels.

> In my
> experience few of them are useful. Most of mine are ordinary mailing
> list messages where the failure is not surprising and does not mean
> that anything needs to be fixed.
>

I disagree with John about failure reports not being useful. I have found failure reports to be extremely useful in anti-abuse efforts. The value can range from takedowns of images and links to maliciousness to shutting down sources of maliciousness. In some cases it has proven useful to law enforcement as documentation of activities. Unfortunately, I think addressing some of this has to be beyond the scope of the current effort.

Michael Hammer
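
Added example, not part of the original message or of any participant's code: a sliding-window limiter for outgoing failure reports with one bucket per report recipient address, the keying the quoted text argues for, so that several signing domains pointing at the same report mailbox share one budget. The class and function names, the limit of 5 reports per hour and the addresses are assumptions; the failure events are constructed.

```python
from collections import defaultdict, deque


class ReportRateLimiter:
    """Sliding-window limit on failure reports, one bucket per report recipient."""

    def __init__(self, max_reports, window_seconds):
        self.max_reports = max_reports
        self.window = window_seconds
        self.sent = defaultdict(deque)  # recipient -> timestamps of reports sent

    def allow(self, recipient, now):
        bucket = self.sent[recipient.strip().lower()]
        # Forget reports that have aged out of the window.
        while bucket and now - bucket[0] >= self.window:
            bucket.popleft()
        if len(bucket) >= self.max_reports:
            return False  # this mailbox has had enough for now; drop the report
        bucket.append(now)
        return True


def send_reports(failures, limiter):
    """failures: (timestamp, signing_domain, report_recipient) tuples."""
    sent, suppressed = defaultdict(int), defaultdict(int)
    for ts, _domain, recipient in sorted(failures):
        if limiter.allow(recipient, ts):
            sent[recipient] += 1
        else:
            suppressed[recipient] += 1
    return dict(sent), dict(suppressed)


# Constructed sample: two signing domains share one report mailbox and both
# fail in a burst; a third domain has its own mailbox; one late failure
# arrives after the window has expired.
FAILURES = (
    [(t, "a.example", "ruf@reports.example") for t in range(8)]
    + [(t, "b.example", "ruf@reports.example") for t in range(8)]
    + [(5, "c.example", "dmarc@c.example")]
    + [(4000, "a.example", "ruf@reports.example")]
)


def run_sample():
    return send_reports(FAILURES, ReportRateLimiter(max_reports=5, window_seconds=3600))


if __name__ == "__main__":
    print(run_sample())
```

Keying on the signing domain instead would give a.example and b.example separate budgets and let the shared mailbox receive twice the intended volume.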