On Thu 28/Nov/2024 07:55:00 +0100 Damian Lukowski wrote:
> RFC7489 states
>
>    Email streams carrying DMARC feedback data MUST conform to the DMARC
>    mechanism, thereby resulting in an aligned "pass" (see Section 3.1).
>    This practice minimizes the risk of report consumers processing
>    fraudulent reports.
>
> However, I could not find a recommendation of how to verify the relation
> between the report emails' Authenticated Identifier and the report's
> PolicyPublishedType's domain. Is there any mechanism in RFC7489 or DMARCbis?

The authenticated identifier likely corresponds to the submitter in the
Subject: and the <org_name> in the data, but I don't recall it's required to be
that way.

The <policy_published> should correspond to the Report domain in the Subject:
and to the identifiers reported in the data for legit direct mail.

Note that reporters are not required to disclose the domain which received the
messages; for example, messages to Gmail are reported by Google.

Best
Ale
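
Added example, not part of the original message: a report consumer could turn the correspondences described in the reply into soft consistency checks before ingesting an aggregate report. The function names and the sample report are constructed for illustration. Assumptions: the Subject follows the RFC 7489 "Report Domain: ... Submitter: ..." layout, the XML carries no namespace, and a simple subdomain test stands in for an organizational-domain lookup.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted mail, prefer a hardened parser such as defusedxml

# Subject layout used for aggregate reports in RFC 7489.
SUBJECT_RE = re.compile(
    r"Report Domain:\s*(?P<domain>\S+)\s+Submitter:\s*(?P<submitter>\S+)", re.I)

# Constructed sample report, trimmed to the elements the checks read.
SAMPLE_XML = """<feedback>
  <report_metadata><org_name>reporter.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>none</p></policy_published>
  <record><identifiers><header_from>news.example.com</header_from></identifiers></record>
</feedback>"""

def norm(name):
    return (name or "").strip().rstrip(".").lower()

def in_domain(name, domain):
    """True if name equals domain or is a subdomain of it (no Public Suffix List)."""
    name, domain = norm(name), norm(domain)
    return bool(domain) and (name == domain or name.endswith("." + domain))

def check_report(subject, authenticated_domain, xml_text):
    """Return soft findings; none of these relations is mandated, so flag, don't reject."""
    findings = []
    root = ET.fromstring(xml_text)
    published = norm(root.findtext("policy_published/domain"))
    m = SUBJECT_RE.search(subject)
    if not m:
        findings.append("subject: unexpected layout")
    else:
        if norm(m["domain"]) != published:
            findings.append("report-domain: Subject and <policy_published> differ")
        sub = m["submitter"]
        # authenticated_domain is the DMARC-aligned domain of the report e-mail itself
        if not (in_domain(sub, authenticated_domain) or in_domain(authenticated_domain, sub)):
            findings.append("submitter: unrelated to authenticated identifier")
    for rec in root.iter("record"):
        header_from = rec.findtext("identifiers/header_from")
        if not in_domain(header_from, published):
            findings.append(f"header_from: {norm(header_from)} outside {published}")
    return findings

if __name__ == "__main__":
    subject = "Report Domain: example.com Submitter: reporter.example Report-ID: <r1>"
    print(check_report(subject, "mail.reporter.example", SAMPLE_XML))
```
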