On 1/26/21 9:16 AM, John R Levine wrote:
>> Even if you can deduce a From: email address after the Subject Alt
>> Name, you cannot reliably associate it to an organizational domain.
>
> Sorry, that makes no sense at all. The cert has a domain name, or a
> bunch of domain names. You can do exactly as much or as little with
> those domain names as you can with the domain in an e-mail From:
> header. Keep in mind, of course, that none of those domains have any
> connection at all with the contents of an aggregate report, no matter
> how it is delivered.

Use of client certs is a non-starter. The use of http here is
problematic and getting more so. This entire issue should just be junked.

Mike
_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc