Heho, > If they did, they would age them for at least a year before turning them into > traps, by which time the DMARC records would be long gone. I generally agree with your argument, that this is a really unlikely scenario. Also, because the spam-trap domain would naturally lack the <domain>._report._dmarc. record necessary, this pretty much will not be the case; I overlooked that.
However, judging from the state of DMARC reporting by the bounces hitting my report-from (_large_ orgs having non existent mailboxes in there etc.), I'd argue that the only thing that prevents ruf/rua that are stale for a decade is the age of RFC7489. With best regards, Tobias -----Original Message----- From: mailop <[email protected]> On Behalf Of John Levine via mailop Sent: Tuesday, 17 May 2022 23:23 To: [email protected] Cc: [email protected] Subject: Re: [mailop] Spamhaus: Get more details about LISTING (Could a DMARC Report Address point to a spamtrap)? It appears that Tobias Fiebig via mailop <[email protected]> said: >Heho, >I recently described how this could actually be used by a malicious >third party to cause a sender to be blocklisted by major mail operators (see >thread titled "DMARC/TLSRPT to non-existing accounts/reflection and sender >reputation" from the end of April). However, in your case it does not really >sound malicious. > >Still, spamhaus might have picked up expired domains to setup spam >traps, and you may be sending to a ruf/rua on an expired domain. (Note: >Wild guess) If they did, they would age them for at least a year before turning them into traps, by which time the DMARC records would be long gone. That's not it. I suppose someone could set up a malicious MX to aim random junk at mail servers, but Spamhaus' trap servers are pretty hard to find. _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
