![(please configure the [header_logo] section in trac.ini)](https://www.ietf.org/images/ietflogotrans.gif)
Opened 3 years ago
Closed 17 months ago
#30 closed defect (worksforme)
Endless Email Loops with Aggregate Reports
| Reported by: | tim@… | Owned by: | |
|---|---|---|---|
| Priority: | major | Milestone: | Deliverable #3 (changes to DMARC base spec + DMARC Usage Guide |
| Component: | dmarc-future-notes | Version: | |
| Severity: | - | Keywords: | |
| Cc: |
Description
DMARC aggregate reports can and do cause endless loops, too:
A site publishes an email address for receiving aggregate DMARC reports. The rua-address bounces the messages (aggregate report) received there and the bounces does not validate the DMARC policy. So on the next reporting period a new aggregate report is sent, stating that the reply on the previous report failed DMARC validation.
Unlike endless email loops caused by message-specific failure reports, the endless email loops caused by aggregate reports are by design rate-limited: one email per reported domain and reporting period. A wait to reduce the possibility into getting in such loops is toT send the reports FROM:<>.
That said I propose recommending in DMARC, that both the message-specific reports and the aggregate reports are sent FROM:<> or NOTIFY=NEVER.
Change History (2)
comment:1 Changed 3 years ago by vesely@…
comment:2 Changed 17 months ago by johnl@…
- Resolution set to worksforme
- Status changed from new to closed
Not a problem in practice, closed.
The recommended way to prevent such "loops" is to send your reports from a
subdomain with a DMARC record that has no 'rua' tag. That way you won't
trigger new reports for your report.
Cheers,
(http://lists.dmarc.org/pipermail/dmarc-discuss/2018-October/004164.html)