At Mon, 09 Dec 2013 12:00:01 -0800, you wrote: > >Hello, > >Google suggest to set a dmarc record for domains not used to send email: >http://googleonlinesecurity.blogspot.de/2013/12/internet-wide-efforts-to-fight-email.html?m=1 > >Anybody just doing so? >Should I set simple "p=reject" or also request reports? > >Thanks >Andreas ********** REPLY SEPARATOR ********** Highly recommended. We were always suspicious that our domain was being abused, but it was not until we implemented DMARC that our suspicions were confirmed. Our situation may be a little different than most, as 15 years prior we did offer mail service to several hundred clients. Both DMARC and SPF should be set to reject, and request reports. If your domain is being badly abused, these reports may seem like a bit much at first, but over time they will gradually taper off (we now get 1 or 2 a week, mostly from China). Contrary to popular opinion, spammers are not stupid, they are just lazy, and it takes a while for them to get the idea that your domain is not worth abusing.
The other thing we did to cut down on local abuse was to implement a Pseudo SMTP Server, that rejected all incoming mail attempts after the MAIL FROM:. This setup, along with DMARC, reduced attempts to connect to our non-existent server from 5,000 to 7,000 per day to less than 200. J.A. Coutts _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
