On Wed, Apr 29, 2015 at 5:04 AM, Stephen J. Turnbull <[email protected]> wrote:
> J. Gomez suggests: > > > > That would force DMARC-compliant Mediators to reject (or accept > > > > but not resend) incoming email from p=reject domains, > > > > irrespective of whether such mail passes or not the initial > > > > incoming DMARC checks. > > Something about having mediators (ie, non-MTAs) implement this check > was bothering me. I realized that the nagging thought was the > *Mediator* doesn't have to do it. > > Variation A: > > The *outgoing MTA* can do this check; it has the same information (the > "From" field, the DKIM signature, and the DNS) that the mediator does. > This outgoing check is just a variation on the spamfighting theme of > "if pretty much anybody can send from your system, you have to check > outgoing mail as well as incoming mail." > [...] > Outgoing from the Author, or outgoing from the Mediator? Either way, it seems to me that this is something a fully compliant participant might do, but that broken or hostile actors won't bother doing. -MSK
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
