On 12/7/24 20:35, John Levine wrote: > It appears that Daniel K. <dan...@vendo.no> said: >> But how can I know that nore...@dmarc.yahoo.com speaks on behalf of >> yahoo.no, aol.com, rocketmail.com, etc.? > > Yahoo is an outlier here sending separate reports for different hosted > domains.
They're not the only ones doing it like that, and looking a bit harder I see we receive similar third party reports from, among others: fastmaildmarc.com for fastmail.com dmarc.mailmike.net for inboxsys.net Banks *long*.sbcore.net for swedbank.se seb.se for sebkort.no Government statens-it.dk for sitnet.dk Some of them does not even pass DMARC. *many.labels*.iphmx.com for avinor.no and lots more perim-prod-007.politiet.master.net for dmarc_noreply.politiet.no Looks like it's from the Norwegian police, but hard to tell since they're using a totally made up domain. Not DKIM signed, but SPF for politiet.no lists the sending IP. > Personally, I don't think I've ever seen a fake aggregate report, and it's > hard > to imagine e plausible reason for sending one, so I don't worry about it. Or > you can use DKIM the way we originally intended and observe that yahoo.com has > a generally good reputation so you'll accept the reports they send. Many of these domains only send us DMARC reports and have no independent reputation for 'normal' mail. > You probably also get reports from google.com that include mail sent > not just to google.com or gmail.com but the gazillion private domains > they host. You can't even tell what recipient domains they purport to be > reporting. Indeed. Daniel K. _______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org