On Tue 04/Nov/2025 01:01:19 +0100 Murray S. Kucherawy wrote:
On Mon, Nov 3, 2025 at 6:40 PM G.W. Haywood <[email protected]>
wrote:
I meant maybe the document could usefully spell it out in full.
I think "mail exchange server" complicates what the bullet is trying to
say. It says the right thing by just using "mail servers", and we don't
have to get into explaining what an exchanger or an MX is.
I thought Ged's hint was fine, so -18 now has this:
By report consumers:
* isolate Mail eXchange (MX) servers receiving reports from
receiving other mail streams;
* use sandboxes in evaluating failure reports;
* use network segmentation;
* limit access to failure reports to authorized individuals with
appropriate security training.
Saying "mail server" can be quite obscure (I have a "ruf" folder on my IMAP
server, so is that isolated?) But on the other hand you can't choose the MX
either. I think Michael meant[*] that the domain-part of the ruf= tag should
be a domain not used for generic email addresses and should have a dedicated
MX. I'm unable to express that concept without saying "MX". (BTW, isn't that
a bit excessive? An email message in transit cannot do much harm...)
Best
Ale
--
[*] https://mailarchive.ietf.org/arch/msg/dmarc/jFRZT_FbSaHdfN-OTrm4aCZ6jp4
_______________________________________________
dmarc mailing list -- [email protected]
To unsubscribe send an email to [email protected]
