Can you point me to some of the tests you are running? you can do that offline.
you also want to do some testing with domains signed with DNSSEC and those without. This came up as an issue in opendmarc: https://github.com/trusteddomainproject/OpenDMARC/issues/103#issuecomment-810036114 On Mon, Apr 5, 2021 at 5:02 PM Douglas Foster < dougfoster.emailstanda...@gmail.com> wrote: > As a result of earlier discussions, I have been investigating NXDOMAIN as > an email filtering criteria. > > One question from those discussions was the best way to detect NXDOMAIN. > I realized that I needed a query which specifically returns NXDOMAIN as a > result, not simply the absence of a particular result. Additionally, a > lookup on A/AAAA with results could represent either a domain name with no > host segment, or a host segment and a parent domain.. Consequently, the > best test seems to query for type=TXT, match=domainname. > > I have applied this rule to incoming RFC5322.MailFrom addresses and found > the test to be useful. For my mail stream, 20% of the messages with > SPF=NONE have this result because of NXDOMAIN. The percentages were > roughly equal whether evaluating unique domain names or unique messages. > > While both SPF=NONE and SPF=NXDOMAIN are indicators that the message is > probably unwanted, NXDOMAIN has a higher probability of being unwanted. > > I have not yet begun evaluating NXDOMAIN on the RFC5322.From address, but > hope to get that done in the weeks ahead. > > Is anyone else collecting data on NXDOMAIN, and able to share experience? > _______________________________________________ > dmarc mailing list > dmarc@ietf.org > https://www.ietf.org/mailman/listinfo/dmarc >
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
