[dmarc-discuss] Re-verifying external report destinations

Alessandro Vesely vesely at tana.it
Mon Nov 11 01:54:03 PST 2019


On Fri 08/Nov/2019 18:03:00 +0100 Ken O'Driscoll via dmarc-discuss wrote:
> Quick question:
> 
> Is is common for providers to re-verify external report email addresses
> from time to time?


It should be verified every time, since one can also override the destination
address.


> I ask because a few months ago we did a clean-up and deleted a few
> authorisation TXTs for former clients who still had our report email
> address configured in their record.
> 
> I've just noticed that some providers, including a few large ones (Google,
> LinkedIn and Rackspace) are still sending DMARC reports for some domains
> despite the lack of corresponding verifying records for several months.
> 
> Is what I'm seeing normal behaviour?


It looks like a bug to me.


> And if the answer is yes, is rejecting the messages what others do when
> faced with an uncooperative former client?


Reports should contain a contact to report the bug to.


Best
Ale
-- 




















More information about the dmarc-discuss mailing list