halderen
commented
7 years ago This is simply something we cannot test as we do not know the sender.
Open baknu opened 8 years ago
halderen
commented
7 years ago This is simply something we cannot test as we do not know the sender.
baknu
commented
7 years ago New insight: Seems like we could test it for the IP addresses we get out of the SPF record. Probably therefore relates to #93.
baknu
commented
4 years ago This relates to #31
bwbroersma
commented
1 year ago This is also related to security.txt, especially if the security.txt is not served without setting the HTTP host, or needs SNI address in the ClientHello of the TLS.
Check whether host has (FC)rDNS and whether this is signed with DNSSEC. Especially important when sending mail over IPv6. Although IP of MX is not necesarilly the outbound SMTP IP.
See: https://tools.ietf.org/html/rfc7001#section-3 and https://support.google.com/mail/answer/81126?hl=en#authentication