On Sun, Dec 8, 2024 at 12:53 PM John R Levine <jo...@taugh.com> wrote: > > On Sun, 8 Dec 2024, Daniel K. wrote: > > * Bad actor sends email to example.com spoofing the > > From address. > > > > * Bad actor then sends a fake third-party report to us > > purporting to be from example.com for the reporting period. > > Does that really happen? > > We have several people here who run services that process a lot of > reports, so I'd be interested to hear what they have to say.
I've never heard of this happening. I hear the concern. I think if it took us years to even think about it, it's probably not something we have to rush to address. How we might link or verify reporting MBPs to domains in the future might be an interesting thing to discuss ... in the future. My hope is that we backburner it for today. It ranks number eleven, at best, on everybody's top ten list of issues. Cheers, Al Iverson _______________________________________________ dmarc mailing list -- dmarc@ietf.org To unsubscribe send an email to dmarc-le...@ietf.org
