A little off topic, but is there any normative text in DMARC about the authenticity of the reporting? It seems like there ought to be normative text that the report should have a valid DKIM signature from the domain reporting. I'm not sure how you'd go about doing that with HTTPS though since client certs are essentially nil, and the normal way to do authentication is by creating an account.

Mike

On 1/20/21 11:19 AM, John R Levine wrote:
On Wed, 20 Jan 2021, Alessandro Vesely wrote:
John's record looks more workable, but it's still fluffy:

"v=DMARC1; p=none; rf=afrf; rua=mailto:[email protected],https://dmreport.abuse.net/dmreport/; ruf=mailto:[email protected]";

Whaddaya mean fluffy?  Try a PUT or POST to that URI and it'll work.

I suppose the good news is that nobody implemented the underspecified
report URL in one of the earlier DMARC drafts.

It is not underspecified.  It specifies the /mailto:/ scheme. ...

Early drafts had an http PUT with some error that would have prevented it from working.  It was removed before 7489 was published.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
