If I can chime in for a moment, I'd love to see the large mailbox providers
enable forensic reporting for those who have well formed DMARC records. I
have clients who are rejecting spoof attempts initiated by competitor
companies. We'd sure love to see the forensic reporting on that.
On Tue,
At AOL we see this as well, and for now we're treating it as "they're still
figuring this DMARC thing out". If it's someone we have a regular
relationship with and it's not a blip, we'll reach out and ask what's up.
If it appears to be a serious issue - a domain getting heavily abused for
example
>There's a semi-related issue I'm seeing. A number of domains have used
>addresses @dmarc.org for their aggregate reports, and some report
>generators have not implemented cross-domain reporting authorization
>checks. This volume pales in comparison to the volume of spam directed
>at the same
