by nickphx
1075 days ago
I'm not sure I understand the issue. What are you doing with the emails received via webhook that SPF/DKIM is needed? Are they being imported into a CRM and re-displayed?
I treat any email message sent to the subdomain(s) configured for sending transactional / marketing messages as untrusted and act accordingly.

- CRM system (obviously an issue)
- Inbound email automation (e.g. action based on reply from user / admin / etc.)
But really, any inbound action where you don't want someone to be able to trivially spoof the sender, when the sender has SPF/DKIM/DMARC all configured.
For people using Mailgun purely for marketing email purposes, this is unlikely to be an issue, as you're unlikely to be using inbound routes for automation/processing.