Bill, yes, that's the question. I would consider the two factors as reliable. MS is signing mails. I just like clear user authentication instead of relying on volatile IPs/blocks Microsoft publishes/changes.
What I also need to check is whether MS allows spoofing of the sender address. I need to make sure no user can use our service just by sending through any MS account with a correctly guessed allowed sender address. Far away from perfect.

On Sunday, 16 June 2019, Bill Cole <postfixlists-070...@billmail.scconsult.com> wrote:
> So if you know that the SMTP client matches SPF (or a statically-set address set) for the sender domain AND the sender address is one you intend to service, how reliably is the mail authenticated by those 2 elements together?
>
> Is the mail DKIM signed?
>
>
> --
> Bill Cole
> b...@scconsult.com or billc...@apache.org
> (AKA @grumpybozo and many *@billmail.scconsult.com addresses)
>