On 05/21/16 11:20, list...@tutanota.com wrote: > check DKIM with milter, reject immediately if it fails > check DMARC milter, reject immediately if it fails
I think automatic reject on DMARC failure is premature at the current point of DMARC adoption. Case in point: My own domain's outgoing mail flows are 100% DMARC compliant. Yet 94% of my endpoint mail *deliveries* fail DMARC, because they go through forwarders that are dropping DMARC, DKIM, SPF, or all three on the floor. Several of these forwarders are privately-run mailing list servers, true. But the worst offender on the list is mit.edu, which is dropping EVERYTHING. Seriously, MIT? Dropping *ALL* mail verification on the floor? -- Phil Stracchino Babylon Communications ph...@caerllewys.net p...@co.ordinate.org Landline: 603.293.8485
