Looking at implementing DMARC for my institution. We currently have an SPF record and use DKIM to sign a small subset of messages. Rollout recommendations for DMARC suggest initially creating a "p=none" record to gather information on how a domain is being used. The RUA tag specifies a URI of where to send daily reports.
Trying to get an idea of how many reports to expect a day or two after the dust settles. Does anyone use an aggregator to process their feedback (RUA tag) and/or forensic reports (RUF tag)?
In article <ED78B1C68B84A14FA706D13A230D7B43699774D8@ITS-MAIL02.campus.ad.csulb.edu> you write:
Looking at implementing DMARC for my institution.
What problem do you expect this to solve? This is a real question,
since you can be 100% sure that any DMARC policy will wreak havoc on
any of your users who use mailing lists like this one. Academic
institutions tend to have a lot of list users.
Trying to get an idea of how many reports to expect a day or two after the dust settles. Does anyone
use an aggregator to process their feedback (RUA tag) and/or forensic reports (RUF tag)?
Aggregate reports, probably no more than 10 per day per domain.
Failure reports, depends on how much traffic your users and people
pretending to be your users send to China, since Netease in China and
Linkedin are the only providers that sends them, with the vast
majority from Netease. The aggregate reports are interesting, the
failure reports are not.
There are some scripts on the dmarc.org site I wrote that parse the
reports and put the interesting bits into a mysql database. I doubt
you'll need any more than that to see how much trouble a DMARC policy
would cause.
What problem do you expect this to solve? This is a real question,
since you can be 100% sure that any DMARC policy will wreak havoc on
any of your users who use mailing lists like this one.
*Any* mailing list.
Please help stamp out this abomination by refusing to capitulate to its insane desire to pretend the last three+ decades of email functionality never existed.