[dmarc-discuss] RUA validation
Andrew Sullivan
asullivan+dmarc at dyn.com
Tue Jan 31 13:52:34 PST 2012
On Tue, Jan 31, 2012 at 01:29:45PM -0800, Murray S. Kucherawy wrote:
> > -----Original Message-----
> > From: dmarc-discuss-bounces at blackops.org [mailto:dmarc-discuss-bounces at blackops.org] On Behalf Of David F. Skoll
> > If the From: domain is example.org and the rua is
> > mailto:report at r.example.com, do a DMARC lookup on:
> >
> > _dmarc.example.org._dmarc.r.example.com
> The issue then is that a storm of mail pointing to fake reporting addresses like this causes a DNS storm against example.org. I wonder if "Yeah, but negative caching will help that" is a good enough answer to people that will complain.
Wouldn't the mail-stormer, if it wanted to cause headaches, just send
with different ruas (that is, mailto:report@$VAR.example.com, with
lots of different values for $VAR)? Negative caches wouldn't help
then, because every lookup would be
TXT? _dmarc.example.org._dmarc.$VAR.example.com
(or similar). In general, this seems like a vector to send a lot of
unsoolicited DNS queries at some other domain's authoritative servers.
Best,
A
--
Andrew Sullivan
Dyn Labs
asullivan at dyn.com
More information about the dmarc-discuss
mailing list