[ih] Various tests

[John Levine]

It appears that Dave Crocker via Internet-history <dcrocker at bbiw.net> said:
>> you turn on the reports; but once you have the reports, bugs and
>> configuration problems become glaringly obvious;
>
>When DMARC was being developed, my own reaction was the the reporting 
>function would likely be the biggest benefit.  I haven't tracked this in 
>detail, but I gather it's had some mixed results, though it probably 
>does have the benefit you cite, during initial stages of using DMARC.

There's a bunch of companies including Agari, Dmarcian, Redsift, and
Validity that provide elaborate analysis of DMARC reports so I think
it's safe to say a lot of people find them useful. Having talked to
most of them, I hear that for many companies just finding out who's
sending their mail can be quite interesting. It lets them prune rogue
(not necessarily malicions but unauthorizzed) senders both within the
orgqanization and outsourced.

R's,
John