[ Wearing an MTA developer's hat. ]
I see that an MTA is supposed to remove existing Authentication-Results
and BIMI-Indicator headers, and that generally an MUA may use these
headers if present.
I presume that most MTAs only add these headers on delivery, but if a
non-compliant MTA received a message with these headers there is a risk
that the MUA would trust them.
Would it help if MUAs that don't actively support BIMI at least removed
these headers when delivering to local mailboxes ?
--
Andrew C. Aitchison Kendal, UK
[email protected]
_______________________________________________
mailop mailing list
[email protected]
https://list.mailop.org/listinfo/mailop
