I was just looking at some data for a domain that's subject to ongoing spoofing. It publishes both a DMARC reject policy (p=reject) and an SPF sends no mail record (v=spf1 -all).
I see a small, but persistent, level (< 0.1%) of mail purportedly from this domain marked as forwarded. It occurs to me that providers that are identifying forwarders via their internal processing might use the presence of a sends no mail SPF record as an indicator that something isn't forwarded and if their heuristics believe it is, then there's something not working quite right. This isn't something that is relevant to the current milestone we're working on, but when we get to best practices, it may be, so I wanted to go ahead and bring it up so that organizations identifying and marking forwarders have a chance to think it over in advance. Scott K _______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
