In article <[email protected]> you write:
>On Tue 24/Nov/2020 13:52:43 +0100 Brotman, Alex wrote:
>> I had one spam message that had 13 parts. It included both "_mta-sts" and
>> "mta-sts" in there, as well as "mail" nine times. The last two parts were
>> the org domain.
>
>If the message happened to authenticate, negative reputation is better added to
>that org domain rather than to .com or to some random mta-sts.mail.something.

Why would you think that spam was sent by the actual holder of that org
domain?

Since the address contained an underscore, it's invalid anyway so you
could probably reject the message without a lot of extra checks.

>IOW, if we need the OD anyway for alignment, there's no point in discovering
>DMARC records by tree walk.

My plan is that whatever you discover by the tree walk replaces the OD.
In the likely common case that the tree walk ends at _dmarc.<orgdomain>
you get the same result either way.

R's,
John

_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
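
The two points made in this message, as an added example that is not part of the original post: a hostname syntax check that rejects the underscore label before any DNS work, and a simplified tree walk whose first `_dmarc` hit is used as the result. The zone contents, the `example.com` org domain, the 13-label name and the rule of stopping before the bare TLD are assumptions made for illustration, not text from the DMARC drafts.

```python
import re

# Constructed TXT data standing in for DNS: only the org domain publishes DMARC.
ZONE = {"_dmarc.example.com": "v=DMARC1; p=reject"}

# Hostname label syntax (letters, digits, hyphen; no leading/trailing hyphen).
# An underscore is not allowed, so "_mta-sts" fails this check.
LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")


def valid_hostname(domain):
    """True if every label of the domain is a syntactically valid host label."""
    labels = domain.rstrip(".").split(".")
    return all(LABEL.match(label) for label in labels)


def tree_walk(domain, lookup=ZONE.get):
    """Walk from the full name toward the root, one label at a time.

    Returns (name_with_record, record, queries_made); the first name that
    has a DMARC record is what replaces the org domain in this sketch.
    """
    labels = domain.lower().rstrip(".").split(".")
    queries = 0
    # Assumption: never query the bare TLD, so stop at two labels.
    while len(labels) >= 2:
        name = ".".join(labels)
        queries += 1
        record = lookup("_dmarc." + name)
        if record and record.startswith("v=DMARC1"):
            return name, record, queries
        labels = labels[1:]  # drop the leftmost label and try the parent
    return None, None, queries


# Constructed 13-label name shaped like the one described in the thread:
# "_mta-sts", "mta-sts", "mail" nine times, then a two-label org domain.
SPAM_DOMAIN = "_mta-sts.mta-sts." + "mail." * 9 + "example.com"

if __name__ == "__main__":
    print("syntactically valid:", valid_hostname(SPAM_DOMAIN))
    print("tree walk result:   ", tree_walk(SPAM_DOMAIN))
```

With this data the walk ends at the org domain, which is the common case where the tree walk and an org-domain lookup agree.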
