In article <[email protected]> you write: >> this specification MUST delete any discovered instance of this header >> field that claims, by virtue of its authentication service >> identifier, to have been added within its trust boundary but that did >> not come directly from another trusted MTA. > >In my opinion, a header that does not conform to the specified >authres-header-field in the RFC, is not an Authentication-Results >header, has no authentication service identifier, and as such cannot >claim anything in the context of the RFC. ...
Honestly, it doesn't matter. The only A-R headers you can trust are the ones that your own system added, and the point of that text is that you should delete ones that look like yours but that you didn't add. We leave other people's A-R headers in case they might be useful to do forensics, and we have a slightly different version of them in ARC chains which again are only trustworthy if you know who added the ARC seals. R's, John _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
