It appears that Scott Kitterman <skl...@kitterman.com> said: >Or, as RFC 4408 and RFC 7208 warn against, ESPs don't allow customers to send >mail for anything other than their own domains. ESP customers, don't use ESPs >that do this.
It's not just ESPs. There's a widely reported bug that lets anyone whose mail is hosted at Microsoft send SPF-compliant mail pretending to be any other MS customer. The BreakSPF paper describes a bunch of other ways to send mail through various clouds such as pointing a web proxy at someone's port 25 and sending SMTP commands inside HTTP, which works a lot more often than you might imagine. R's, John _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc