[mailop] DMARC external destination verification ignored?

Vitali via mailop Tue, 06 Feb 2024 08:01:05 -0800

Hi list,

I've found this case where DMARC reports are sent to an external destination 
without the verification TXT record being published.


```

❯dig _dmarc.[redacted] txt +short

"v=DMARC1; p=none; rua=mailto:dm...@emailzustellbarkeit.de";

```

The external destination domain does not publish a `v=DMARC1;` TXT record for 
that domain.

```

❯dig[redacted]._report._dmarc.emailzustellbarkeit.de txt

[...]

;; QUESTION SECTION:

;[redacted]._report._dmarc.emailzustellbarkeit.de. INTXT

;; AUTHORITY SECTION:

emailzustellbarkeit.de.1614INSOAns5.kasserver.com. hostmaster.kasserver.com. 
2401241842 28800 7200 1209600 7200

[...]

```

The only common factor is the root domain of the MX record.

```

❯dig[redacted]mx +short

10 w01ad564.kasserver.com.

❯dig emailzustellbarkeit.de mx +short

10 w01b9b8a.kasserver.com.

```

Some ISPs that send reports are Microsoft (Outlook), Seznam, emailsrvr. I 
already reached out to emailsrvr but didn't get a response yet.

Are they violating the RFC or is there a new DMARC report exception if both 
domains share the MX root domain?

Thank you.Vitali

Sent with [Proton Mail](https://proton.me/) secure email.

_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop

[mailop] DMARC external destination verification ignored?

Reply via email to