On 1/25/21 12:08 PM, Todd Herr wrote:
On Mon, Jan 25, 2021 at 2:56 PM Michael Thomas <[email protected]
<mailto:[email protected]>> wrote:
On 1/25/21 11:52 AM, John Levine wrote:
> In article
<cah48zfwejx1pho7x1bjjtyyehxzwmuq3jrhfjzahwfy1jq+...@mail.gmail.com
<mailto:cah48zfwejx1pho7x1bjjtyyehxzwmuq3jrhfjzahwfy1jq%[email protected]>>
you write:
>> -=-=-=-=-=-
>>
>> DMARC alignment on the report seems of limited value unless it
is aligned
>> to the domain being reported. ...
> I'm getting the impression that some of us have not looked at
any DMARC reports.
>
> Aggregate reports contain the domain of the reporter, and the domain
> of the sender to whom they are sending the report. They do NOT have
> the domains to which the messages were sent or where they were
> received, which are often different for forwarded or mailing
list mail.
>
> For at least the third time, there is no "domain being
reported". When
> I get reports from Google or any other multi-tenant mail provider,
> they do not say to which of their gazillion hosted domains the mail
> was sent. That is not a bug, and it's been like that for a decade.
>
Sounds like a bug to me and an issue should be opened. Just
because it's
a 10 year old bug doesn't mean it's not a bug.
I disagree.
Authentication results should not differ at a given provider based
solely on the destination domain, so there is no reason to report
results separately for each destination domain. Further, there's no
value to the report generators, especially at large sites like Google,
to expend the resources necessary to generate and send X reports when
one will do.
So you're saying I should be free to spoof any domain I want because
Google might be inconvenienced?
Mike
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
