Indeed, an email will only be rejected if it has DMARC setup as reject. I can attest that personal email services such as Outlook / MSN do reject email properly (in case of DMARC fail and the FROM domain has a reject policy).
On Tue, May 23, 2023 at 7:43 AM Matthäus Wander via mailop < mailop@mailop.org> wrote: > Benoit Panizzon via mailop wrote on 2023-05-23 15:35: > > Hi List > > > > I'm surprised... > > > > six-group.com is the biggest payment platform in Switzerland. Of course > > they use SPF to protect their domain from being abused by phishers. > > six-group.com does not use DMARC, so I would say there is room to > improve the anti-phishing measures. > > > It looks like GV0CHE01FT013.mail.protection.outlook.com is happily > > accepting phishing emails which, according to SPF should get rejected. > > As SPF does not work in legitimate mail relaying scenarios, it is wise > to not reject every message that fails SPF, but rather use it for spam > filter scoring. > > Regards, > Matt > _______________________________________________ > mailop mailing list > mailop@mailop.org > https://list.mailop.org/listinfo/mailop > -- Regards, *Enze "**Alex" **Liu* PhD Student Department of Computer Science and Engineering e7...@eng.ucsd.edu University of California, San Diego
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
