I recommend adding this text or similar language to address a security problem\.
Doug Foster "Operators of multi-tenant servers are cautioned against configurations which have some clients configured to use DMARC and send DMARC reports, while other clients are configured to ignore DMARC and consequently send no reports. Attackers could probe to detect which domains do or do not send reports, and use that feedback to identify domains which have no DMARC protections in place. To avoid this information disclosure, server owners are advised to evaluate and report DMARC results for all traffic, or else send no reports at all."
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
