On Thu, 21 Aug 2025, Murray S. Kucherawy wrote:
However, we've found that there are other policy decisions we want to
apply to messages based on DKIM/DMARC status. For technical, security, and
liability reasons, simply getting the DKIM/DMARC status from the
Authentication-Results is not sufficient for this.
Can you explain why? This is exactly what A-R was made to do.
It also occurs to me that the MUA can't directly check the SPF result
because it doesn't know what IP the message was sent from. It could look
at the Received haders, but if it's going to believe them, why wouldn't
it also believe the A-R?
R's,
John
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
