On Mon, May 3, 2021 at 5:26 AM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote:
> I meant to say that we need N unique (and valid) smtp TO addresses, so > that an attacker cannot send a single email address and wait for an rua > report to know where it lands. > > Valid addresses are needed to hinder usage of bogus addresses to defeat > the test. > Is that enough? If I control a domain, I can make up any number of apparently-valid envelope addresses I want. Using DKIM selectors for tracking will also put a huge load on DNS if > implemented at scale [...] > How so? -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc