Re: Opendkim on-(error) configs for production systems?
On Wed 22/Jun/2016 00:59:32 +0200 jasonsu wrote:
>
>> If you'r using DMARC *only* your DMARC instance should reject after
>
> SHOULD we be using DMARC *only*? If you do, and there's for example no
> DMARC policy published, but SPF/DKIM fails to validate, how do you properly
> reject in the absence of a DMARC record?
Conversely, if MAIL FROM:<> and no SPF HELO record, should we look for an SPF
record at the organizational domain if we found a DMARC record there?
> currently, SPF has this policy
>
> HELO_reject = Fail
> Mail_From_reject = Fail
> No_Mail = False
> PermError_reject = True
> TempError_Defer = False
RFC 7208 has its own whitelisting recommendations...
jm2c
Ale
Received on Wed Jun 22 2016 - 08:18:50 PST
This archive was generated by hypermail 2.3.0
: Wed Jun 22 2016 - 08:27:01 PST