[opendmarc-users] dmarc reporting loop

Steven M Jones smj+opendmarc at crash.com
Tue Feb 2 02:33:32 PST 2016


On 02/02/2016 01:44, Ronald Verlaan wrote:
>
> So only one user initiated e-mail will cause both MTA’s send DMARC
> reports to each other forever once a day at night. Even if no user
> initiated e-mail will ever been sends between both MTA’s.
>
> So my question is, how to prevent this? Or is this the way it is
> supposed to work? 

This has come up in discussion before here or another list, though not
recently...

Yes, assuming each domain sends reports from a (sub-)domain that
requests reporting, you could have a loop like this. You asked for
reporting, and they're honoring your request; they asked for reports,
and you're honoring their request. So everything is working as expected.

If that isn't what you want, one solution is to have DMARC reports sent
from an address that does not request reporting. If you send from
<dmarc at reports.example.com>, and have a DMARC record for
reports.example.com that does not include an "rua=" tag even though the
DMARC record for example.com does, you avoid this scenario.

(If you don't like example.com, Yahoo sends their DMARC reports from
<noreply at dmarc.yahoo.com>. Check the DMARC records at _dmarc.yahoo.com
and _dmarc.dmarc.yahoo.com and note the differences.)

--Steve.



More information about the opendmarc-users mailing list