It appears that Douglas Foster <[email protected]> said: >-=-=-=-=-=- > >I recommend adding this text or similar language to address a security >problem\. > >Doug Foster > >"Operators of multi-tenant servers are cautioned against configurations >which have some clients configured to use DMARC and send DMARC reports, >while other clients are configured to ignore DMARC and consequently send no >reports. Attackers could probe to detect which domains do or do not send >reports, and use that feedback to identify domains which have no DMARC >protections in place. ...
Sorry, but no. For one thing, whatever assumptions you are making about the relationship among domains that happen to use the same mail server is wrong. For another, it is quite possible to look at DMARC and not send reports. My mail server does that, because I never got around to getting the reports to work. There is nothing to change here. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
