Andrew C Aitchison via mailop skrev den 2024-01-13 07:16:
[ Wearing an MTA developer's hat. ]
+1
I see that an MTA is supposed to remove existing Authentication-Results and BIMI-Indicator headers, and that generally an MUA may use these headers if present.
where is this dokumented ?
I presume that most MTAs only add these headers on delivery, but if a non-compliant MTA received a message with these headers there is a risk that the MUA would trust them.
it is tested on incomming mails, not on outgoing
Would it help if MUAs that don't actively support BIMI at least removed these headers when delivering to local mailboxes ?
mua must trust LAST MTA, not all MTA on transit, is this a big hint ? _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
