Wouldn't it be easier to read your email logs instead?
Yes it would, but as I said in my original posting:
(Of course the outbound mail servers or firewall are the correct place to detect and block forwarding. But this trick would find people who are bypassing the outbound mail servers, or perhaps detect a flaw in the output policy rules.)
If I have an enforced policy in the mail server that alerts or blocks forwarding, people who really want to will try to find ways to bypass it, e.g., using port 465. The potential to flag such leaks is what makes this mechanism interesting. (Yes, yes, I know I can block ports. That's not my point.)
<csg> _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
