On 12/11/2020 11:10 AM, Hector Santos wrote:
* SPF -ALL, REJECT - Receiver rejects at MAIL FROM state with a 550
response.
Correction:
* SPF -ALL, REJECT - Receiver rejects at RCPT TO state with a 550
response. SPF is only tested once a valid (existing) RCPT TO is provided.
This was the very first major optimization done with SPF back in
2003/2004 when it was first changed from MAIL FROM to RCPT TO. It
resulted in a DNS lookup overhead savings of 60% because at the time,
60% of the RCPT TO were "unknown, not locally hosted" addresses.
This mode of operation is on-par with the SMTP RFC5321 Section 3.3
recommendation:
3.3 Mail Transactions
.....
Despite the apparent scope of this requirement, there are
circumstances in which the acceptability of the reverse-path may
not be determined until one or more forward-paths (in RCPT
commands) can be examined. In those cases, the server MAY
reasonably accept the reverse-path (with a 250 reply) and then
report problems after the forward-paths are received and
examined. Normally, failures produce 550 or 553 replies.
--
Hector Santos,
https://secure.santronics.com
https://twitter.com/hectorsantos
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc