[dmarc-discuss] Re-verifying external report destinations

Alessandro Vesely vesely at tana.it
Mon Nov 11 01:54:03 PST 2019

On Fri 08/Nov/2019 18:03:00 +0100 Ken O'Driscoll via dmarc-discuss wrote:
> Quick question:
> Is is common for providers to re-verify external report email addresses
> from time to time?

It should be verified every time, since one can also override the destination

> I ask because a few months ago we did a clean-up and deleted a few
> authorisation TXTs for former clients who still had our report email
> address configured in their record.
> I've just noticed that some providers, including a few large ones (Google,
> LinkedIn and Rackspace) are still sending DMARC reports for some domains
> despite the lack of corresponding verifying records for several months.
> Is what I'm seeing normal behaviour?

It looks like a bug to me.

> And if the answer is yes, is rejecting the messages what others do when
> faced with an uncooperative former client?

Reports should contain a contact to report the bug to.


More information about the dmarc-discuss mailing list