1) a receiver that will forward quarantined messages, and
do so without changing the bounce address. Solution: Don't Do That.

That's a confounding issue but not the root problem, I think. Even if
Microsoft were to implement keeping the bounce address, it just means that
the spammer has to start with the spoofed return-path address on their
initial send.

No, I mean that MS needs to put the actual address of the person
forwarding the mail as the bounce address. Then it's his reputation in
the SPF.

No, then it has the forwarding party's signature which isn't aligned with
the From header.

A spammer could write a From header in anticipation of adding a forwarder's
DKIM signature. This already happens with the SPF upgrade scenario.

If someone is willing to send mail with their From address and their
signature, I think that mail is from them, regardless of how it got there.
If this means their reputation takes a hit, they deserve it.

Regards,
John Levine, [email protected], Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
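
The alignment question argued in this thread, as an added example that is not part of the original message: a minimal DMARC relaxed-alignment evaluator run over constructed forwarding scenarios. The domains are placeholders, and taking the last two labels as the organizational domain is a simplifying assumption (real evaluators use the Public Suffix List).

```python
# Added example: DMARC identifier alignment (relaxed mode) for forwarded mail.
# Assumption: organizational domain = last two labels; real code uses the PSL.

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(identifier_domain, from_domain):
    return org_domain(identifier_domain) == org_domain(from_domain)

def dmarc_eval(from_domain, mail_from_domain, spf_result, dkim_sigs):
    """dkim_sigs is a list of (d= domain, result). Returns (passed, reasons).

    DMARC passes only if SPF or DKIM passes AND that identifier's domain
    aligns with the From header domain.
    """
    reasons = []
    if spf_result == "pass" and aligned(mail_from_domain, from_domain):
        reasons.append("spf:" + mail_from_domain)
    for d, result in dkim_sigs:
        if result == "pass" and aligned(d, from_domain):
            reasons.append("dkim:" + d)
    return (bool(reasons), reasons)

# Constructed scenarios; every domain here is a placeholder.
SCENARIOS = {
    # Forwarder keeps the original bounce address: its IP is not in the
    # author domain's SPF record, so SPF fails.
    "bounce_kept": dict(from_domain="author.example",
        mail_from_domain="author.example", spf_result="fail", dkim_sigs=[]),
    # Forwarder rewrites the bounce address to its own: SPF passes,
    # but for a domain that does not align with From.
    "bounce_rewritten": dict(from_domain="author.example",
        mail_from_domain="forwarder.example", spf_result="pass", dkim_sigs=[]),
    # Forwarder also adds its own DKIM signature: valid, still unaligned.
    "forwarder_signs": dict(from_domain="author.example",
        mail_from_domain="forwarder.example", spf_result="pass",
        dkim_sigs=[("forwarder.example", "pass")]),
    # From header is in the forwarder's own domain: both identifiers align,
    # so the forwarder's domain carries the reputation for the message.
    "from_matches_forwarder": dict(from_domain="forwarder.example",
        mail_from_domain="bounces.forwarder.example", spf_result="pass",
        dkim_sigs=[("forwarder.example", "pass")]),
}

def results():
    return {name: dmarc_eval(**s)[0] for name, s in SCENARIOS.items()}

if __name__ == "__main__":
    for name, s in SCENARIOS.items():
        print(name, dmarc_eval(**s))
```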