-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 While checking dmarc, we check for dkim signatures. If that fails, we look for spf records. A very small number of those contain mx: tokens. While chasing a bug in my code, it became obvious that almost everyone misuses those, and they really meant to use a:some.name
So we could (do what they want) interpret mx:mail.example.com as if it were a:mail.example.com - we won't be rejecting mail that the sending domain intended for us to accept. But that just hides their error and possibly increases the chances of yet more folks making the same mistake. What does your code do when it sees mx:mail.example.com, where there is no mx record, but there is an a record? -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.14 (GNU/Linux) iEYEAREKAAYFAlrOgRIACgkQL6j7milTFsHgpQCeMBsUmcz/5adrHRFZ3X5vrfL8 2QkAoIRxFWUB1Ln5DTQbsnOAsDWz39Cu =6wlm -----END PGP SIGNATURE----- _______________________________________________ mailop mailing list mailop@mailop.org https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop
