On Sun, 8 Dec 2024, Daniel K. wrote:
Personally, I don't think I've ever seen a fake aggregate report, and it's hard
to imagine e plausible reason for sending one, so I don't worry about it. Or
you can use DKIM the way we originally intended and observe that yahoo.com has
a generally good reputation so you'll accept the reports they send.
Many of these domains only send us DMARC reports and have no independent
reputation for 'normal' mail.
Well, you know, I have a domain dmarc.fail, and if I wanted I could send
you dmarc reports from dmarc.fail that are 100% DKIM signed and SPF pass
and DMARC aligned and 100% valid XML but that are also 100% fictional.
I do not understand what problem you think exists here. Anyone can send
fake DMARC reports but as I said, I've never seen one and it's hard to
imagine a plausible reason to do so other than just being perverse.
R's,
John
_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org