On 12/7/24 20:35, John Levine wrote:
> It appears that Daniel K.  <dan...@vendo.no> said:
>> But how can I know that nore...@dmarc.yahoo.com speaks on behalf of
>> yahoo.no, aol.com, rocketmail.com, etc.?
> 
> Yahoo is an outlier here sending separate reports for different hosted 
> domains.

They're not the only ones doing it like that, and looking a bit harder I
see we receive similar third party reports from, among others:

        fastmaildmarc.com       for fastmail.com
        dmarc.mailmike.net      for inboxsys.net

Banks

        *long*.sbcore.net       for swedbank.se
        seb.se                  for sebkort.no

Government

        statens-it.dk           for sitnet.dk

Some of them does not even pass DMARC.

        *many.labels*.iphmx.com for avinor.no and lots more

        perim-prod-007.politiet.master.net
        for dmarc_noreply.politiet.no

Looks like it's from the Norwegian police, but hard to tell since
they're using a totally made up domain. Not DKIM signed, but SPF for
politiet.no lists the sending IP.


> Personally, I don't think I've ever seen a fake aggregate report, and it's 
> hard
> to imagine e plausible reason for sending one, so I don't worry about it.  Or
> you can use DKIM the way we originally intended and observe that yahoo.com has
> a generally good reputation so you'll accept the reports they send.

Many of these domains only send us DMARC reports and have no independent
reputation for 'normal' mail.


> You probably also get reports from google.com that include mail sent
> not just to google.com or gmail.com but the gazillion private domains
> they host.  You can't even tell what recipient domains they purport to be
> reporting.

Indeed.


Daniel K.

_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org

Reply via email to