RFC7489 states
Email streams carrying DMARC feedback data MUST conform to the DMARC mechanism, thereby resulting in an aligned "pass" (see Section 3.1). This practice minimizes the risk of report consumers processing fraudulent reports.
However, I could not find a recommendation of how to verify the relation between the report emails' Authenticated Identifier and the report's PolicyPublishedType's domain. Is there any mechanism in RFC7489 or DMARCbis?
_______________________________________________ dmarc mailing list -- [email protected] To unsubscribe send an email to [email protected]
