On 08/03/2024 18:45, Hector Santos wrote:
I believe it is correct, SHOULD strive to trusted known sources. The final mechanism SHOULD be one of (hard) failure. This is what we (ideally) strive for. I believe anything weaker is a waste of computational resources, causes confusion using neutral or even soft fails especially with repeated transactions.
A compromise seems to be to set neutral/ softfail for forwarded messages. You don't want them to be blocked, but neither you want to blindly grant occasional forwarders to originate mail with your domain name. That's not optimal. Forwarding should be fixed, e.g. by establishing streams at both sides.
Another other case is for mailbox providers which don't filter against cross-domain abuse. In this case, the optimal solution is to choose better providers.
Best Ale -- _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
