Thanks, a nice solution and description; however, my question was about DMARC for incoming mail.

On Tue, Aug 20, 2019 at 9:05 PM Pete Holzmann <webbed.p...@gmail.com> wrote:

> I realize this is a Very Late Response to Blason's query... (I've had
> serious medical challenges this year; "should" be dead yet here I am ;) )
>
> I thought you might be encouraged by our experience.
>
> *Scenario:*
> - We have a Very Old Domain (ds.org) that's ONLY used for infrastructure.
>   NOT web, and not even sending/receiving email (u...@ds.org). Yet our
>   email server is aster.ds.org
> - In spite of not sending any email, more and more we were being marked as
>   spammers by various block lists.
> - If you think about it, we have a perfect honeypot for spam. ANY email to
>   or from that domain is by definition invalid :) :)
>
> *Solution:*
> - I finally implemented SPF, DKIM and DMARC...
> - *WHAM!!!* Over a thousand spams a day (mostly from Asia) were being
>   sent faking our domain as source.
> - Challenge #1: our DMARC report processor initially had to tweak a few
>   things. We're honestly not a large volume emailer... yet they were
>   processing quite a few records ;)
> - Challenge #2: we ended up implementing "non standard" subdomain
>   wildcards due to a variety of fake subdomains being spoofed.
>
> *Result:*
> - We're no longer accused of being spammers
> - "Only" ~600 spams detected in the last *week* (by DMARC-capable servers)
> - All were trying to spoof our domain
> - Of those, ~500 were from *.nxdomain, the rest at least had a real IP
>   entry.
>
> Blessings,
> Pete
>
> ------------------------------
>
> On 9 Jan 2019 Blason R via dmarc-discuss said...
>
> Hi Edward,
>
> How do I make it work for Inbound if my MTA/AntiSpam does not support? Not
> sure if I understood your question correctly but would appreciate if you
> can shed some light on this? Let's say I am on google apps.
>
> Google Apps I guess by default takes care of Incoming mail. But what if I
> am using third party MTA which does not support Inbound DMARC checks? Yes
> most of them do support SPF and DKIM validation but not DMARC I guess.
>
> Please correct me if I am wrong.
>
> Thanks and regards,
> Blason R
>
> On Wed, Jan 9, 2019 at 7:00 PM Edward Siewick via dmarc-discuss <
> dmarc-discuss@dmarc.org> wrote:
>
> > Blason,
> >
> > Actually, consider implementing testing (SPF, DKIM) and DMARC for
> > inbound. Since you've implemented for everybody else, why not put these to
> > use for your own organization?
> >
> > Edward S.
> >
> >
> > On 1/8/2019 10:26 PM, Blason R via dmarc-discuss wrote:
> >
> > Hi DMARC Team,
> >
> > What I understand is DMARC is very beneficial for the mails which are
> > being sent from my domain to third party. But can we stop the emails coming
> > at me pretending to be my own domain? My assumption again here is we
> > cannot and need to have AntiSpam policy to block looking at SPF and DKIM?
> >
> > TIA
> > Thanks and Regards
> > Blason R
> >
> > _______________________________________________
> > dmarc-discuss mailing list
> > dmarc-discuss@dmarc.org
> > http://www.dmarc.org/mailman/listinfo/dmarc-discuss
> >
> > NOTE: Participating in this list means you agree to the DMARC Note Well
> > terms (http://www.dmarc.org/note_well.html)
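
Added example, not part of the thread or of any poster's code: one way to derive an inbound DMARC verdict when the MTA only reports SPF and DKIM results, as in the question above. It assumes the filter can supply the From: domain, the SPF result with its MAIL FROM domain, the DKIM results with their d= domains, and the published DMARC TXT record; all function names and sample domains are hypothetical, the organizational-domain lookup is simplified, and the `pct` tag is ignored.

```python
def org_domain(domain):
    # Assumption: organizational domain = last two labels. Production code
    # must use the Public Suffix List (this is wrong for e.g. example.co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain, mode):
    # mode "s" = strict (exact match), "r" = relaxed (same organizational domain)
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)


def parse_dmarc(txt):
    # Parse "v=DMARC1; p=reject; ..." into a tag dict; None if not a DMARC record.
    pairs = (p.split("=", 1) for p in txt.split(";") if "=" in p)
    tags = {k.strip().lower(): v.strip() for k, v in pairs}
    return tags if tags.get("v") == "DMARC1" else None


def dmarc_verdict(from_domain, spf, dkim, record_txt, record_domain):
    """Return (dmarc_result, action).

    spf:  (result, mail_from_domain) as reported by the MTA's SPF check
    dkim: list of (result, d_domain), one entry per DKIM signature
    record_domain: the domain whose _dmarc TXT record was actually found
    """
    policy = parse_dmarc(record_txt or "")
    if policy is None:
        return ("none", "deliver")  # sender publishes no usable DMARC policy
    aspf, adkim = policy.get("aspf", "r"), policy.get("adkim", "r")
    # A bare SPF or DKIM pass is not enough: the authenticated domain must
    # also align with the domain in the visible From: header.
    spf_ok = spf[0] == "pass" and aligned(from_domain, spf[1], aspf)
    dkim_ok = any(r == "pass" and aligned(from_domain, d, adkim) for r, d in dkim)
    if spf_ok or dkim_ok:
        return ("pass", "deliver")
    # Spoofed subdomains fall under "sp" when the record came from the parent.
    is_subdomain = from_domain.lower() != record_domain.lower()
    p = policy.get("p", "none")
    action = policy.get("sp", p) if is_subdomain else p
    return ("fail", action.lower())
```
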