Re: Opendkim on-(error) configs for production systems?

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

From: Alessandro Vesely <vesely_at_tana.it>
Date: Wed, 22 Jun 2016 10:18:39 +0200

On Wed 22/Jun/2016 00:59:32 +0200 jasonsu wrote:
>
>> If you'r using DMARC *only* your DMARC instance should reject after
>
> SHOULD we be using DMARC *only*? If you do, and there's for example no
> DMARC policy published, but SPF/DKIM fails to validate, how do you properly
> reject in the absence of a DMARC record?

Conversely, if MAIL FROM:<> and no SPF HELO record, should we look for an SPF
record at the organizational domain if we found a DMARC record there?

> currently, SPF has this policy
>
> HELO_reject = Fail
> Mail_From_reject = Fail
> No_Mail = False
> PermError_reject = True
> TempError_Defer = False

RFC 7208 has its own whitelisting recommendations...

jm2c
Ale
Received on Wed Jun 22 2016 - 08:18:50 PST

This archive was generated by hypermail 2.3.0 : Wed Jun 22 2016 - 08:27:01 PST