On Tue, 15 Nov 2022, Douglas Foster wrote:
If a server farm hosts DomainA and DomainB, and I only get DMARC aggregate reports when I send to DomainA, then I can conclude that DomainB is not evaluating DMARC and is therefore more vulnerable to impersonation attacks than DomainA.
You can conclude whatever you want, but all you know is that they don't send reports. You don't know whether they are looking at DMARC and for some "security" reason don't send them.
In any event, the point of IETF standards is to tell people how to interoperate. It is not our job to try to save people from themselves. If someone doesn't want to use DMARC, that's up to them, not to us or to you.
R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
