>1) Support Original-Authentication-Results. This requires the MLM to add >them in the first place, and for the DMARC enforcing domains to check them. > Has an open question of how best to "trust" the OAR header on a message. > Options there are explicit whitelists from the sending domains (tpa-labels >or whatever) or to leave it up to the individual receiving domain.
This keeps reducing to the previous case. If you know what senders you trust, why do you need the OAR header? R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
