I didn't get any of those (the POSTs below are not to the right URI)
but it's impressive how fast Russian bots started to probe it, within
hours.
I thought it's about interoperability. Simply having a webserver running
doesn't come close to interoperability, and certainly not at scale.
I guess I wasn't clear enough. I know there's no http reporting in DMARC,
but there was in an early version of the spec. I was wondering if anyone
had implemented that. Apparently not.
My question was not intended to imply that HTTPS reporting should be
avoided. My point was that there has been basically no security discussion
or scrutiny of such an implementation.
That's fine but as I said I think it is clear that the security of https
reporting is better than of mail reporting.
Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
