[dmarc-discuss] [Suggestion] Implicit feedback address domain name

Scott Kitterman sklist at kitterman.com
Fri Feb 10 08:52:42 PST 2012


It's trivial to add an mx record and accept mail for one address and relay it.  
Any domain owner that can't handle that level of complexity isn't a candidate 
for DMARC.

OTOH, allowing arbitrary addresses as targets creates a potential for abuse.  
We've just gone through an extensive discussion of this issue in the IETF MARF 
working group and I'd encourage anyone who's interested to review the 
discussion in the list archives.

Scott K

On Friday, February 10, 2012 04:17:13 PM Franck Martin wrote:
> You may want to put a DMARC record to protect a domain that does not send or
> receive emails.
> 
> Where to send the reports then?
> 
> Also some vendors will process the reports for you
> 
> Printed on recycled paper!
> 
> On 10/02/2012, at 2:49, "Tanguy Ortolo" <tanguy+dmarc at ortolo.eu> wrote:
> > Hello again.
> > 
> > In order to avoid data duplication in DNS zone files, I think it would
> > be useful to allow domain name owners to define a feedback address with an
> > implicit domain name, to which an "@" followed by the corresponding
> > domain name would be appended by receiving servers when sending reports.
> > 
> > For instance, consider the following DNS record:
> >    _dmarc.example.com. TXT "v=DMARC1 p=quarantine
> >    rua=mailto:postmaster"
> > 
> > In the example.com zone file, that would in fact be represented as:
> >    _dmarc              TXT "v=DMARC1 p=quarantine
> >    rua=mailto:postmaster"
> > 
> > That way, the domain name owner could have a zone file with no reference
> > to the domain name itself, except perhaps an $ORIGIN definition (even
> > this definition can be implicit with BIND, actually), allowing a great
> > flexibility to do things such as using it for several domain names,
> > copying it for another domain name while keeping the number of required
> > modifications minimal (thus saving time and lowering the risk of
> > errors)… More generally, that would simply have all the regular
> > advantages of avoiding information duplication.
> > 
> > As far as I know, this is in fact what is currently implied or
> > explicitly stated in several standards. For instance, abuses are
> > usually reported to the abuse@ address of the same domain name. In some
> > other drafts such as Auth Failure Reporting [1], the possibility of an
> > implicit domain name in reporting addresses is explicitly
> > mentioned.
> > 
> >    [1]
> >    http://datatracker.ietf.org/doc/draft-ietf-marf-dkim-reporting/
> > 
> > Regards,
> 
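
Added example, not part of the thread or of any DMARC implementation: a sketch of how a report sender could expand the implicit `rua` form proposed above and label each target as implicit, same-domain or external, the last being the arbitrary-address case the reply flags as a potential for abuse. The implicit form is only the proposal from this thread; the function names are hypothetical, and "same domain" is simplified to an exact or subdomain match with no public-suffix lookup.

```python
import re

def policy_domain(owner_name):
    """Domain a DMARC TXT record covers: owner name minus the _dmarc label."""
    name = owner_name.rstrip(".").lower()
    if not name.startswith("_dmarc."):
        raise ValueError("not a DMARC record name: %r" % owner_name)
    return name[len("_dmarc."):]

def parse_tags(record):
    """Split tag=value pairs; accepts ';' or whitespace between tags."""
    tags = {}
    for item in re.split(r"[;\s]+", record.strip()):
        if "=" in item:
            key, value = item.split("=", 1)
            tags[key.lower()] = value
    return tags

def report_targets(owner_name, record):
    """Return (address, kind) for every mailto: URI in the rua tag.

    kind is 'implicit' (no domain given, policy domain appended, as proposed
    in the thread), 'same-domain', or 'external' (the target lies outside the
    policy domain and deserves extra scrutiny before reports are sent).
    """
    domain = policy_domain(owner_name)
    results = []
    for uri in parse_tags(record).get("rua", "").split(","):
        if not uri.lower().startswith("mailto:"):
            continue  # empty entry or a non-mail URI
        addr = uri[len("mailto:"):]
        if "@" not in addr:
            results.append((addr + "@" + domain, "implicit"))
            continue
        target = addr.rsplit("@", 1)[1].lower()
        same = target == domain or target.endswith("." + domain)
        results.append((addr, "same-domain" if same else "external"))
    return results

if __name__ == "__main__":
    # Constructed sample records; the first is the record quoted in the thread.
    samples = [
        ("_dmarc.example.com.", "v=DMARC1 p=quarantine rua=mailto:postmaster"),
        ("_dmarc.example.com.",
         "v=DMARC1; p=none; rua=mailto:dmarc@example.com,mailto:reports@vendor.example"),
    ]
    for owner, txt in samples:
        print(owner, report_targets(owner, txt))
```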


