One thing I'm interested in is the https reporting. I'm not aware of any implementations of this as yet? I would have expected the large providers, Agari, ReturnPath to have this setup.
I understand that providing feedback via email is easy to fit into current infrastructure, but it's subject to everything DMARC is trying to prevent in the first place. The spec states: "the message comprising the report should be DKIM-signed and originate from a source for which an SPF test would pass. This practice minimizes the risk of report consumers processing fraudulent reports." That seems a bit lenient to me SHOULD be DKIM-signed.. Just my thoughts/comments anyway, keen to hear feedback! -- Regards Andy
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)