On 30.07.24 16:40, Gilgongo via Postfix-users wrote:
Thanks for all the replies on this - food for thought! Seems the general consensus is that while in theory I should reject for p=reject (since that's what the sender wants me to do), in practice things like mailing lists and other forwarding conditions make that unsafe (and to a lesser extent the same applies to SPF and DKIM). At least in terms of a binary decision. So I think I'll stick with what I have and perhaps experiment with some SA scoring tweaks.
FYI Mailman 2 claims to rewrite From: header to fullfill DMARC requirements only when DMARC policy is "quarantine" or "reject"
- rejecting mail failing DMARC can be safe even with mailing lists which usually appear to break DKIM.
https://wiki.list.org/DOC/Mailman 2.1 List Administrators Manual#Additional_settings -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. The early bird may get the worm, but the second mouse gets the cheese. _______________________________________________ Postfix-users mailing list -- postfix-users@postfix.org To unsubscribe send an email to postfix-users-le...@postfix.org