Powers, Jot wrote:
> I would expect a "reject, then delete" policy would be in the best
> interests of the receivers.

Yes, and also in your interest as admin of the domain phished.example.

Scott's point "better reject" is about a legit sender with a simple
typo phished.example instead of phishes.example - however that sender
managed it, he's better off with a reject. Otherwise his mails will
simply vanish into "drop" black holes, until he notes that something
in his 2822-From is very wrong. Arguably a "false positive" from his

If your sender signing policy expresses the wish to reject all mails
without valid signature, receivers are still free to interpret this
less (= accept + tag as very suspicious) or more radically (= drop),
but ideally (wrt reliability) they'd reject it directly at their MX.