On Mon 07/Dec/2020 23:13:44 +0100 John Levine wrote:
In article <cabugu1prndjkp_-2yv7nbnbvh340d75ppxkmedthed8qg+0...@mail.gmail.com>
you write:
I have a slight preference for the first option. HELO is too arbitrary in
the protocol for me to put much value in using it in any of these systems.
There's a bit of an implementation detail though. If one is relying on an
encapsulated ck_host() function then you may not know whether it checked
the HELO or the MAIL FROM. Imposing a requirement like this from DMARC
seems like it verges on a layering violation.
You should be able to look at the bounce address and if it's null,
skip the SPF check. No need to peek inside SPF for that.
That would discard most bounces, since many MTAs send them directly, without
going through a signing filter.
Best
Ale
--
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
