SMTP authentication cannot be transmitted via ARC-A-R either, because ARC
doesn't provide for an i=0 instance. So, there is no way to signal that the
sender is not an open relay. However, until open relays stay out of fashion
—only toad.com AFAIK— this problem can be postponed.
Allowing
I used authentication results in the general sense, to include ARC sets,
Authentication-Resilts, and Received-SPF. ARC is most applicable to this
situation but the others are not consistently removed prior to message
crossing organization boundaries.
After writing this, I wondered if the best
On Sun 27/Aug/2023 20:49:26 +0200 Douglas Foster wrote:
I am much discouraged by the recent discussion about false DMARC PASS
based on false SPF PASS or malicious mDKIM replay. When combined with the
discussion about false DMARC FAIL for mailing lists, it seems like we have
a very
I am much discouraged by the recent discussion about false DMARC PASS
based on false SPF PASS or malicious mDKIM replay. When combined with the
discussion about false DMARC FAIL for mailing lists, it seems like we have
a very unimpressive standards proposal.
We have proposed defending against
