Re: [dmarc-discuss] Increase in Forwarders Since Implementation of DMARC Reject Policy

[Roland Turner via dmarc-discuss]

This would appear to be a Dmarcian question rather than a DMARC one as the 
Threat/Unknown is a Dmarcian classification rather than a DMARC one. More 
broadly, a/some receiver(s) and/or Dmarcian would appear to have decided at 
about the time that you made your change to reclassify a bunch of mail as 
forwarded. It is possible that this happened in response to your change, but 
I'd suggest rather unlikely.


If a receiver has decided to treat a particular message/stream as being from a 
trusted forwarder (i.e. to ignore the domain registrant's policy) then there is 
probably very little that you as a domain registrant can do to address that. If 
your total message volume is sufficient to warrant it then you might consider 
talking to AMI and/or Return Path about access to failure reports from the 
receivers in question and/or website deactivation services like IID.


(I have no current commercial relationship with any of the above.)


- Roland


[https://www.trustsphere.com/images/signatures/trustsphere.gif] Roland Turner
Labs Director
Mobile: +65 9670 0022
3 Phillip Street, #13-03 Royal Group Building, Singapore 048693


[https://www.trustsphere.com/images/signatures/facebook.gif]
[https://www.trustsphere.com/images/signatures/twitter.gif] 
   
[https://www.trustsphere.com/images/signatures/linkedin.gif] 
 
[https://www.trustsphere.com/images/signatures/youtube.gif] 
  
www.trustsphere.com






From: dmarc-discuss  on behalf of John Corey 
Miller via dmarc-discuss 
Sent: Tuesday, 26 January 2016 23:36
To: dmarc-discuss@dmarc.org
Subject: [dmarc-discuss] Increase in Forwarders Since Implementation of DMARC 
Reject Policy

We have Google Apps for Business set-up with our domain name for our business.

Since making the change to fully reject mail that fails dmarc, the number of 
messages counted as coming through "Forwarders" on our dmarc reports when run 
through this tool https://dmarcian.com/dmarc-xml/ has drastically increased.  
In many cases these new "Forwarders" are the same IPs that previously were 
coming through as "Threat/Unknown" (clearly fishers.)

Does this mean that after seeing that google started rejecting their e-mails 
they changed something about how they're sending them to attempt to circumvent 
these rejections?  If so, does any action have to be taken to prevent this 
circumvention?
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)

[dmarc-discuss] Increase in Forwarders Since Implementation of DMARC Reject Policy

[John Corey Miller via dmarc-discuss]

We have Google Apps for Business set-up with our domain name for our business.

Since making the change to fully reject mail that fails dmarc, the number of 
messages counted as coming through "Forwarders" on our dmarc reports when run 
through this tool https://dmarcian.com/dmarc-xml/ 
 has drastically increased.  In many cases 
these new "Forwarders" are the same IPs that previously were coming through as 
"Threat/Unknown" (clearly fishers.)

Does this mean that after seeing that google started rejecting their e-mails 
they changed something about how they're sending them to attempt to circumvent 
these rejections?  If so, does any action have to be taken to prevent this 
circumvention?___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)