On Sun, 8 Dec 2024, Daniel K. wrote:
Personally, I don't think I've ever seen a fake aggregate report, and it's hard
to imagine e plausible reason for sending one, so I don't worry about it.  Or
you can use DKIM the way we originally intended and observe that yahoo.com has
a generally good reputation so you'll accept the reports they send.

Many of these domains only send us DMARC reports and have no independent
reputation for 'normal' mail.

Well, you know, I have a domain dmarc.fail, and if I wanted I could send you dmarc reports from dmarc.fail that are 100% DKIM signed and SPF pass and DMARC aligned and 100% valid XML but that are also 100% fictional.

I do not understand what problem you think exists here. Anyone can send fake DMARC reports but as I said, I've never seen one and it's hard to imagine a plausible reason to do so other than just being perverse.

R's,
John

_______________________________________________
dmarc mailing list -- dmarc@ietf.org
To unsubscribe send an email to dmarc-le...@ietf.org

Reply via email to