I realize this is a Very Late Response to Blason's query... (I've had serious medical
challenges this year; "should" be dead yet here I am ;) )
I thought you might be encouraged by our experience.
Scenario:
- We have a Very Old Domain (ds.org) that's ONLY used for infrastructure. NOT web, and
not even sending/receiving email (u...@ds.org). Yet our email server is aster.ds.org
- In spite of not sending any email, more and more we were being marked as spammers
by various block lists.
- If you think about it, we have a perfect honeypot for spam. ANY email to or from that
domain is by definition invalid :) :)
Solution:
- I finally implemented SPF, DKIM and DMARC...
- WHAM!!!
Over a thousand spams a day (mostly from Asia) were being sent faking our
domain as source.
- Challenge #1: our DMARC report processor initially had to tweak a few things. We're
honestly not a large volume emailer... yet they were processing quite a few records ;)
- Challenge #2: we ended up implementing "non standard" subdomain wildcards due to a
variety of fake subdomains being spoofed.
Result:
- We're no longer accused of being spammers
- "Only" ~600 spams detected in the last *week* (by DMARC-capable servers)
- All were trying to spoof our domain
- Of those, ~500 were from *.nxdomain, the rest at least had a real IP entry.
Blessings,
Pete
On 9 Jan 2019 Blason R via dmarc-discuss said...
Hi Edward,
How do I make it work for Inbound if my MTA/AntiSpam does not support? Not sure if I
understood your question correctly but would appreciate if you can shed some light on
this? lets say I am on google apps.
Google Apps I guess bydefault takes care of Incoming mail. But what if I am using third
party MTA which does not support Inbound DMARC checks? Yes most of them do support
SPF and DKIM validation but not DMARC I guess.
Please correct me if I am wrong.
Thanks and regards,
Blason R
On Wed, Jan 9, 2019 at 7:00 PM Edward Siewick via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:
> Blason,
>
> Actually, consider implementing testing (SPF, DKIM) and DMARC for
> inbound. Since you've implemented for everybody else, why not put
these to
> use for your own organization?
>
> Edward S.
>
>
> On 1/8/2019 10:26 PM, Blason R via dmarc-discuss wrote:
>
> Hi DMARC Team,
>
> What I understand is DMARC is very beneficial for the mails which
are
> being sent from my domain to third party. But can we stop the emails
coming
> at me pretending to be my own domain? My assumption again here is we
can
> not and need to have AntiSpam policy to block looking at SPF and
DKIM?
>
> TIA
> Thanks and Regards
> Blason R
>
> _______________________________________________
> dmarc-discuss mailing
listdmarc-discuss@dmarc.orghttp://www.dmarc.org/mailman/listinfo/dmarc
-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note
Well terms (http://www.dmarc.org/note_well.html)
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss@dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note
Well
> terms (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
