Everybody's aware that Google will start enforcing DMARC Feb 1st, right?

Maybe I'm just paranoid but if you configure your DMARC records to receive reports via email, doesn't that open the door for malicious actors to send bogus reports, if for no other reason than just for the lulz? I realize that the only sane way to deal with these reports is via an automated service (nobody in their right mind wants to manually parse through tons of XML reports on a regular basis) but how do I stop the incoming data from being poisoned?

I think the end goal here is to push stuff like BIMI so big tech can start charging another large annual fee to all businesses that want their email delivered.

I am confused about what exactly this means if we just have a personal domain for my professional emails. Which are just a couple a day at a max (really depends on if I am looking for a new job or not).<p>Does this make having email accounts like this viable anymore? Am I at risk of my emails not getting where I expect them too, particularly important if I am looking for a new job?<p>I use Amazon WorkMail so will need to see if that has done what is necessary, but still worried what exactly this will mean.<p>Edit: Is there a tool to validate that things are setup how we need it to be?

The DMARC requirement only applies to senders who send at least 5000 e-mails per day to gmail-recipients.<p>I&#x27;m not a fan of DMARC. SPF and DKIM already do their job well enough. Then people add DMARC with &quot;p=none&quot; just to tick their &quot;have DMARC&quot; box. Even google suggests a policy of &quot;none&quot; is ok, but doesn&#x27;t mention that this means SPF and DKIM will be ignored.

Just that you must have a DMARC record in place. Doesn’t have to be enforced yet.<p>That is a logical next step down the road though and IMO long overdue.