Re: [mailop] spf and mx: tokens

2018-04-12 Thread Philip Paeps
On 2018-04-12 05:41:46 (+0800), Carl Byington wrote: While checking dmarc, we check for dkim signatures. If that fails, we look for spf records. A very small number of those contain mx: tokens. While chasing a bug in my code, it became obvious that almost everyone misuses those, and they reall

Re: [mailop] spf and mx: tokens

2018-04-12 Thread Paul Smith
On 11/04/2018 22:41, Carl Byington wrote: So we could (do what they want) interpret mx:mail.example.com as if it were a:mail.example.com - we won't be rejecting mail that the sending domain intended for us to accept. But that just hides their error and possibly increases the chances of yet more f

Re: [mailop] spf and mx: tokens

2018-04-11 Thread Phil Pennock
On 2018-04-11 at 14:41 -0700, Carl Byington wrote:
> So we could (do what they want) interpret mx:mail.example.com as if it
> were a:mail.example.com

FWIW, both RFC 4408 from 2006 and RFC 7208 from 2014 explicitly "MUST NOT" this behavior. Section 5.4 in each.

> What does your code do when it se

[mailop] spf and mx: tokens

2018-04-11 Thread Carl Byington
While checking dmarc, we check for dkim signatures. If that fails, we look for spf records. A very small number of those contain mx: tokens. While chasing a bug in my code, it became obvious that almost everyone misuses those, and they really meant t