On 12/7/24 20:35, John Levine wrote:
> It appears that Daniel K. <[email protected]> said:
>> But how can I know that [email protected] speaks on behalf of
>> yahoo.no, aol.com, rocketmail.com, etc.?
>
> Yahoo is an outlier here sending separate reports for different hosted
> domains.
They're not the only ones doing it like that, and looking a bit harder I
see we receive similar third party reports from, among others:
fastmaildmarc.com for fastmail.com
dmarc.mailmike.net for inboxsys.net
Banks
*long*.sbcore.net for swedbank.se
seb.se for sebkort.no
Government
statens-it.dk for sitnet.dk
Some of them does not even pass DMARC.
*many.labels*.iphmx.com for avinor.no and lots more
perim-prod-007.politiet.master.net
for dmarc_noreply.politiet.no
Looks like it's from the Norwegian police, but hard to tell since
they're using a totally made up domain. Not DKIM signed, but SPF for
politiet.no lists the sending IP.
> Personally, I don't think I've ever seen a fake aggregate report, and it's
> hard
> to imagine e plausible reason for sending one, so I don't worry about it. Or
> you can use DKIM the way we originally intended and observe that yahoo.com has
> a generally good reputation so you'll accept the reports they send.
Many of these domains only send us DMARC reports and have no independent
reputation for 'normal' mail.
> You probably also get reports from google.com that include mail sent
> not just to google.com or gmail.com but the gazillion private domains
> they host. You can't even tell what recipient domains they purport to be
> reporting.
Indeed.
Daniel K.
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
