Re: [mailop] DMARC external destination verification ignored?
On 2024-02-06 at 15:55 +, Vitali wrote: > > Are they violating the RFC or is there a new DMARC report exception > if both domains share the MX root domain? > > Thank you. > Vitali It would have been preferable that you shared that domain, but it does seem to violate the RFC. The only pecuiar bit I see is that _report._dmarc.emailzustellbarkeit.d e IS set. $ dig _report._dmarc.emailzustellbarkeit.de txt ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52922 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; ANSWER SECTION: _report._dmarc.emailzustellbarkeit.de. 7200 IN TXT "v=DMARC1" but the RFC is clear that the wildcard need to be on *._report._dmarc.e mailzustellbarkeit.de, a record on _report._dmarc.emailzustellbarkeit.de wouldn't match (and, if strictly conforming, there should also be a semicolon after "DMARC1") ___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
[mailop] DMARC external destination verification ignored?
Hi list, I've found this case where DMARC reports are sent to an external destination without the verification TXT record being published. ``` ❯dig _dmarc.[redacted] txt +short "v=DMARC1; p=none; rua=mailto:dm...@emailzustellbarkeit.de"; ``` The external destination domain does not publish a `v=DMARC1;` TXT record for that domain. ``` ❯dig[redacted]._report._dmarc.emailzustellbarkeit.de txt [...] ;; QUESTION SECTION: ;[redacted]._report._dmarc.emailzustellbarkeit.de. INTXT ;; AUTHORITY SECTION: emailzustellbarkeit.de.1614INSOAns5.kasserver.com. hostmaster.kasserver.com. 2401241842 28800 7200 1209600 7200 [...] ``` The only common factor is the root domain of the MX record. ``` ❯dig[redacted]mx +short 10 w01ad564.kasserver.com. ❯dig emailzustellbarkeit.de mx +short 10 w01b9b8a.kasserver.com. ``` Some ISPs that send reports are Microsoft (Outlook), Seznam, emailsrvr. I already reached out to emailsrvr but didn't get a response yet. Are they violating the RFC or is there a new DMARC report exception if both domains share the MX root domain? Thank you.Vitali Sent with [Proton Mail](https://proton.me/) secure email.___ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
