DMARC's forensic reports feature discloses mailing list subscriptions, avoid?
Just installed OpenDMARC reporting on our postfix gateways, effectively sending reports for all our customers. Have anyone else done that, and if so, what have you run into?
Apparently that's a problem with mailing lists, and there's a lot of people saying that forensic reports should be disabled. This blog halon.se/blogs/considerations-regarding-dmarc-forensic-reports/ even describes a "information leak" with forensic reports.