Viktor Dukhovni:
> > On 18 Nov 2021, at 12:28 pm, Togan Muftuoglu <tog...@dinamizm.com> wrote:
> >
> > Thanks for the clarification. One more thing having the backup MX listed in
> > the SPF records of the domain and opendkim signing the relayed mails does
> > not
> > break the validations in the primary MX when it receives mail from the
> > backup,
> > correct ?
>
> Any receiving system that elects to use a backup MX must whitelist mail from
> the backup MX:
>
> * Not apply any SPF checks
> * Not greylist
> * Not reject messages other than to invalid recipients
A backup MX that can't reject invalid recipients is a backscatter
source when a spammer generates recipients from a dictionary.
Wietse
