I could not find a recommendation on how to verify the relation
between the report email's Authenticated Identifier and the report's
PolicyPublishedType's domain.
...
If I registered some spammer-domain and sent aggregate reports to
[email protected] with
- spammer-domain alignment
- Subject: Report Domain: dmarc.ietf.org ...
- and a policy_published domain dmarc.ietf.org in its XML payload,
would anyone who actually looks at aggregate report data recognize
that they are fake?
Sorry, I mixed up my thoughts here. A mechanism which could recognize a
fake report would have to correlate the report email's Authenticated
Identifier and the report's report_metadata organization information.
But since organizations are arbitrary, they may be fake as well, so
probably no such feasible mechanism exists.
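The correlation discussed in the message above, as an added example that is not part of the original post: a report receiver compares the DKIM/SPF-authenticated domain of the report email with the `report_metadata` email domain and checks that `policy_published` names a domain it owns. The authserv-id, the domains and the sample data are constructed assumptions, and the second sample shows the limit the post describes: a reporter that fills in its own domain consistently raises no finding.

```python
import re
import xml.etree.ElementTree as ET

OUR_DOMAINS = {"example.org"}       # assumption: domains we publish DMARC records for
OUR_AUTHSERV_ID = "mx.example.org"  # assumption: authserv-id stamped by our own MTA

def authenticated_domains(auth_results):
    """Domains that passed DKIM or SPF, taken only from our own MTA's header."""
    authserv_id, _, results = auth_results.partition(";")
    if authserv_id.strip().lower() != OUR_AUTHSERV_ID:
        return set()                # header not written by us: do not trust it
    pats = (r"dkim=pass\b[^;]*?header\.d=([\w.-]+)",
            r"spf=pass\b[^;]*?smtp\.mailfrom=(?:[^\s;@]+@)?([\w.-]+)")
    return {m.group(1).lower() for p in pats for m in re.finditer(p, results, re.I)}

def aligned(a, b):
    """Simplified relaxed alignment (a real check would use the Public Suffix List)."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def check_report(auth_results, xml_text):
    """Return findings; an empty list means only that these heuristics saw nothing."""
    root = ET.fromstring(xml_text)
    email = (root.findtext("report_metadata/email") or "").strip().lower()
    reporter = email.rpartition("@")[2]
    policy_domain = (root.findtext("policy_published/domain") or "").strip().lower()
    auth = authenticated_domains(auth_results)
    findings = []
    if not auth:
        findings.append("no trusted authenticated identifier")
    elif not any(aligned(reporter, d) for d in auth):
        findings.append("reporter not aligned with authenticated identifier")
    if policy_domain not in OUR_DOMAINS:
        findings.append("policy_published domain is not ours")
    return findings

# Constructed sample data, not taken from a real report.
def sample_report(reporter_email):
    return ("<feedback><report_metadata><org_name>Big Provider</org_name>"
            f"<email>{reporter_email}</email><report_id>1</report_id></report_metadata>"
            "<policy_published><domain>example.org</domain><p>none</p></policy_published>"
            "</feedback>")

AUTH = ("mx.example.org; dkim=pass header.d=spammer-domain.example header.s=s1; "
        "spf=pass smtp.mailfrom=bounce@spammer-domain.example")

if __name__ == "__main__":
    print(check_report(AUTH, sample_report("noreply@bigprovider.example")))
    print(check_report(AUTH, sample_report("reports@spammer-domain.example")))
```

For reports from untrusted senders, a hardened parser such as `defusedxml` is a safer choice than the standard library's `ElementTree`.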