Opened 3 years ago

Closed 17 months ago

#30 closed defect (worksforme)

Endless Email Loops with Aggregate Reports

Reported by: tim@… Owned by:
Priority: major Milestone: Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide
Component: dmarc-future-notes Version:
Severity: - Keywords:
Cc:

Description

DMARC aggregate reports can and do cause endless loops, too:

A site publishes an email address for receiving aggregate DMARC reports. The rua-address bounces the messages (aggregate report) received there and the bounces does not validate the DMARC policy. So on the next reporting period a new aggregate report is sent, stating that the reply on the previous report failed DMARC validation.

Unlike endless email loops caused by message-specific failure reports, the endless email loops caused by aggregate reports are by design rate-limited: one email per reported domain and reporting period. A wait to reduce the possibility into getting in such loops is toT send the reports FROM:<>.

That said I propose recommending in DMARC, that both the message-specific reports and the aggregate reports are sent FROM:<> or NOTIFY=NEVER.

Change History (2)

comment:1 Changed 3 years ago by vesely@…

The recommended way to prevent such "loops" is to send your reports from a
subdomain with a DMARC record that has no 'rua' tag. That way you won't
trigger new reports for your report.

Cheers,

Juri

(http://lists.dmarc.org/pipermail/dmarc-discuss/2018-October/004164.html)

comment:2 Changed 17 months ago by johnl@…

  • Resolution set to worksforme
  • Status changed from new to closed

Not a problem in practice, closed.

Note: See TracTickets for help on using tickets.