On 11/26/21 8:57 AM, Michael Taubert wrote:
Hi everyone!
Recently I've received some dmarc reports from various hosts like
google, yahoo, and so on. Are these reports of any use or just
information for me? I mean, is there any action required when I got
reports of failed dkim or spf?
All the addresses in these reports does not belong to my mail server. So
I think they just use my domain in the header to spam around. Well, at
least, they trying to.
I feel a bit lost as I don't know what to do about these reports.
Thanks in advance.
Kind regards,
Michael
I would guess these are aggregate reports being sent because the DMARC
TXT record instructs them to:
$ dig +short txt _dmarc.arachnodroid.de
"v=DMARC1;p=none;pct=100;rua=mailto:postmas...@arachnodroid.de;"
The aggregate reports are sent based on a time period.
From RFC 7489 7.2[1]:
> Visibility comes in the form of daily (or more frequent) Mail
Receiver-originated feedback reports that contain aggregate data on
message streams relevant to the Domain Owner. This information includes
data about messages that passed DMARC authentication as well as those
that did not.
Paul
[1] https://datatracker.ietf.org/doc/html/rfc7489#section-7.2