>I don't understand the security or GDPR references. Well this is amusing. I wondered if anyone had ever implemented some version of the http reporting in early DMARC drafts, so I set up a new domain with a server that will accept POST or PUT requests and added its URI to my DMARC records.
I didn't get any of those (the POSTs below are not to the right URI) but it's impressive how fast Russian bots started to probe it, within hours. This is not a reason to avoid https reporting. Every web site gets probed like this and so long as your web server rejects unknown URIs, they're harmless. After all, my e-mail reporting addresses get a certain amount of spam, too. R's, John 139.162.113.204 dmreport.abuse.net - [07/Dec/2020:03:15:11 -0500] "GET / HTTP/1.1" 404 719 "HTTP Banner Detection (https://security.ipip.net)" 192.241.209.169 dmreport.abuse.net - [07/Dec/2020:05:26:29 -0500] "GET / HTTP/1.1" 404 719 "Mozilla/5.0 zgrab/0.x" 192.241.237.68 dmreport.abuse.net - [07/Dec/2020:05:49:18 -0500] "GET /owa/auth/logon.aspx?url=https%3a%2f%2f1%2fecp%2f HTTP/1.1" 404 786 "Mozilla/5.0 zgrab/0.x" 91.241.19.84 dmreport.abuse.net - [07/Dec/2020:06:44:01 -0500] "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 823 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 91.241.19.84 dmreport.abuse.net - [07/Dec/2020:06:44:01 -0500] "POST /api/jsonws/invoke HTTP/1.1" 404 757 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 91.241.19.84 dmreport.abuse.net - [07/Dec/2020:06:44:07 -0500] "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1" 404 823 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 91.241.19.84 dmreport.abuse.net - [07/Dec/2020:06:44:07 -0500] "GET /index.php?s=/Index/\\think\\app/invokefunction&function=call_user_func_array&vars[0]=md5&vars[1][]=HelloThinkPHP21 HTTP/1.1" 404 858 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 91.241.19.84 dmreport.abuse.net - [07/Dec/2020:06:44:09 -0500] "GET /?XDEBUG_SESSION_START=phpstorm HTTP/1.1" 404 753 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 91.241.19.84 dmreport.abuse.net - [07/Dec/2020:06:44:11 -0500] "POST /mifs/.;/services/LogService HTTP/1.1" 404 779 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 91.241.19.84 dmreport.abuse.net - [07/Dec/2020:06:44:12 -0500] "GET /wp-content/plugins/wp-file-manager/readme.txt HTTP/1.1" 404 813 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.108 Safari/537.36" 193.118.53.202 dmreport.abuse.net - [07/Dec/2020:11:45:14 -0500] "GET / HTTP/1.1" 404 719 "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36" 67.205.149.169 dmreport.abuse.net - [07/Dec/2020:12:50:40 -0500] "GET / HTTP/1.0" 400 362 "-" 83.97.20.31 dmreport.abuse.net - [07/Dec/2020:14:46:30 -0500] "GET / HTTP/1.1" 404 723 "-" 185.141.63.14 dmreport.abuse.net - [07/Dec/2020:14:47:37 -0500] "GET / HTTP/1.1" 404 723 "libwww-perl/6.49" _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
