It appears that Daniel K. <dan...@vendo.no> said: >I regularly get reports from nore...@dmarc.yahoo.com, that are DKIM >signed by yahoo.com, on behalf of all the other yahoo ccTLDs and their >other domains. > >The "Submitter" field in the subject identifies the domain the report is >from, and the attachment filename starts with this same domain as well. >(e.g. yahoo.no) > >But how can I know that nore...@dmarc.yahoo.com speaks on behalf of >yahoo.no, aol.com, rocketmail.com, etc.?
Yahoo is an outlier here sending separate reports for different hosted domains. Personally, I don't think I've ever seen a fake aggregate report, and it's hard to imagine e plausible reason for sending one, so I don't worry about it. Or you can use DKIM the way we originally intended and observe that yahoo.com has a generally good reputation so you'll accept the reports they send. You probably also get reports from google.com that include mail sent not just to google.com or gmail.com but the gazillion private domains they host. You can't even tell what recipient domains they purport to be reporting. R's, John _______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org