On 11 Feb 2021, at 23:55, Nick Tait wrote:
On 12/02/2021 5:49 pm, Nick Tait wrote:
Perhaps the advice should be: If you are using Sendmail, then (a) you
shouldn't publish a DMARC policy and (b) you shouldn't reject emails
based on failed DMARC check; but if you aren't using Sendmail then as
long as you don't mind rejecting emails from misconfigured domains,
then it is fine to apply whatever policy is published by that domain?
The way I see it at least when you reject an email it might give the
sender a clue that they have a DMARC problem? ...That is, except when
their email has been forwarded by a mailing list. :-(
Sorry I meant to say: "If you are using Sendmail, then (a) you
shouldn't publish a p=reject DMARC policy..."
Which does not address the original question:
On 11 Feb 2021, at 4:32, Eugene Podshivalov wrote:
Is it safe enough nowadays to drop DMARC-failed incoming mail with
opendmarc?
Mail transport often involves MTAs not under the control of the original
sender or ultimate recipient or the authorities for the sender's domain.
Traditional forwarding (e.g. ~/.forward) still exists and many systems
supporting it run Sendmail, which will make usually-harmless changes to
some edge-case To and Cc headers and break DKIM signatures.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
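
The forwarding problem described in the message above, as an added example that is not part of the original thread: RFC 6376 "relaxed" header canonicalization absorbs whitespace re-folding by a relay, but any change to the content of a signed To header changes the signed data and the DKIM signature no longer verifies. The header values, the `h=` list and the rewritten address are constructed for illustration (the rewrite is a stand-in, not a documented Sendmail behaviour), and the digest is a simplified stand-in for the full signature input.

```python
import hashlib
import re

def relaxed_header(raw: str) -> str:
    """Canonicalize one header field per RFC 6376 section 3.4.2 ("relaxed")."""
    name, _, value = raw.partition(":")
    value = re.sub(r"\r?\n(?=[ \t])", "", value)       # unfold continuation lines
    value = re.sub(r"[ \t]+", " ", value).strip(" ")   # collapse WSP runs, trim ends
    return f"{name.strip().lower()}:{value}\r\n"

def signed_digest(headers: list[str], signed: list[str]) -> str:
    """Hash the canonicalized fields listed in h=.

    Simplification: real DKIM also feeds the DKIM-Signature field itself into
    the hash and signs the result; a change here still means verification fails.
    """
    by_name = {h.partition(":")[0].strip().lower(): h for h in headers}
    data = "".join(relaxed_header(by_name[n]) for n in signed if n in by_name)
    return hashlib.sha256(data.encode("utf-8")).hexdigest()

def signature_survives(sent: list[str], received: list[str], signed: list[str]) -> bool:
    """True if the signed header data is unchanged after transit."""
    return signed_digest(sent, signed) == signed_digest(received, signed)

SIGNED = ["from", "to", "subject"]  # constructed h= list

# Constructed sample headers (not taken from the thread).
SENT = [
    "From: Alice <alice@example.org>",
    "To: bob@example.net,\r\n\tcarol",
    "Subject: quarterly report",
]
# A relay that only re-folds whitespace: relaxed canonicalization absorbs it.
REFOLDED = [SENT[0], "To:  bob@example.net, carol", SENT[2]]
# A forwarder that rewrites an edge-case address (constructed stand-in).
REWRITTEN = [SENT[0], "To: bob@example.net, carol@relay.example", SENT[2]]

if __name__ == "__main__":
    print("re-folded only :", signature_survives(SENT, REFOLDED, SIGNED))
    print("address rewrite:", signature_survives(SENT, REWRITTEN, SIGNED))
```

When the forwarder is also not an authorized SPF sender for the author's domain, the broken DKIM signature leaves DMARC with nothing to pass on, which is why rejecting on DMARC failure catches legitimately forwarded mail.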