A reporting party on the sustainability platform must pre-register their trading partners so that verification messages can be sent. But they could register any email address so there is a fraud vector where the email recipient is not actually the named supplier.
Suggest that
all parties should be registered with their DNS domain (proven with a DNS TXT record or similar)
all verification emails should match the registered domain.
A reporting party on the sustainability platform must pre-register their trading partners so that verification messages can be sent. But they could register any email address so there is a fraud vector where the email recipient is not actually the named supplier.
Suggest that