Open baknu opened 8 years ago
This is simply something we cannot test as we do not know the sender.
New insight: Seems like we could test it for the IP addresses we get out of the SPF record. Probably therefore relates to #93.
This relates to #31
This is also related to security.txt, especially if the security.txt is not served without setting the HTTP host, or needs SNI address in the ClientHello of the TLS.
Check whether host has (FC)rDNS and whether this is signed with DNSSEC. Especially important when sending mail over IPv6. Although IP of MX is not necesarilly the outbound SMTP IP.
See: https://tools.ietf.org/html/rfc7001#section-3 and https://support.google.com/mail/answer/81126?hl=en#authentication