Yes, most certainly. While generally the overrides minimize false positives by delivering legitimate mail which is failing SPF/DKIM due to forwarding or mailing lists, there are cases where the overrides are applied to malicious mail. The details vary from sender to sender, malicious campaign to malicious campaign, month to month and receiver to receiver. There have been roughly two years of investigations, bug fixes and analysis to try to improve the situation across a number of receivers. It will continue.
I’d encourage folks not to overly generalize based on a limited number of data points. I’ve seen cases of terribly erroneous delivery of malicious email due to overrides and I’ve seen miraculous overrides that avoided rejecting mail from a critical sender. The real world is not static nor simple. The good news is that (absent a host of bugs and reporting details) the senders have visibility into overrides as they are reported in detail in the aggregate data. You can monitor overrides, be alerted, see what’s being overridden, etc etc so you have full visibility.

pat

On Jul 31, 2014, at 3:31 PM, Norman, Jean Marie via dmarc-discuss <[email protected]> wrote:

> Has anyone experienced unauthenticated emails being delivered to Google
> recipients despite having a DMARC policy (quarantine or reject) in place? We
> have seen evidence that unauthenticated emails (not passing both SPF and
> DKIM) are being delivered to Google, despite a DMARC policy, when messages
> pass through a ‘forwarder’, as noted by Google. We are trying to better
> understand this behavior and whether or not anyone has found a solution? Any
> insight or recommendations would be appreciated.
>
> Thanks,
>
> Jean Marie Norman, CISSP | Visa Inc. | Information Security | Digital Crimes
> o: (571) 439-7091 | c: (571) 439-0604| f: (650) 554-4580 |e: [email protected]
>
> NOTICE: The information contained in this transmission (including any
> attachments) is confidential and may be privileged. It is intended only for
> the use of the individual or entity named above. If you are not the intended
> recipient, dissemination, distribution, or copy of this communication is
> strictly prohibited. If you have received this communication in error, please
> erase all copies of this message and its attachments and notify me
> immediately.
>
> _______________________________________________
> dmarc-discuss mailing list
> [email protected]
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well terms
> (http://www.dmarc.org/note_well.html)
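The override monitoring mentioned in the reply above, as an added example that is not part of the original thread: it reads a DMARC aggregate report in the RFC 7489 layout and lists rows that failed both aligned SPF and DKIM yet carry a `<reason>` element, which is how receivers report an override. The sample report, its addresses and the function names are constructed for illustration, and the report is assumed to use no XML namespace.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample rows in the RFC 7489 aggregate-report layout; all values are made up.
def _record(ip, count, disposition, dkim, spf, reason=None):
    why = f"<reason><type>{reason}</type></reason>" if reason else ""
    return (f"<record><row><source_ip>{ip}</source_ip><count>{count}</count>"
            f"<policy_evaluated><disposition>{disposition}</disposition>"
            f"<dkim>{dkim}</dkim><spf>{spf}</spf>{why}</policy_evaluated></row>"
            f"<identifiers><header_from>example.com</header_from></identifiers></record>")

SAMPLE_REPORT = (
    "<feedback><policy_published><domain>example.com</domain><p>reject</p>"
    "</policy_published>"
    + _record("192.0.2.10", 40, "none", "fail", "fail", "forwarded")
    + _record("198.51.100.7", 3, "none", "fail", "fail", "mailing_list")
    + _record("203.0.113.5", 500, "none", "pass", "pass")    # authenticated mail
    + _record("203.0.113.99", 9, "reject", "fail", "fail")   # policy applied as published
    + "</feedback>")

def find_overrides(xml_text):
    """Return rows that failed DMARC but carry a <reason>, i.e. a receiver override."""
    # For reports received from outside parties, parse with a hardened XML parser.
    root = ET.fromstring(xml_text)
    published = root.findtext("policy_published/p", default="none")
    hits = []
    for row in root.iterfind("record/row"):
        pe = row.find("policy_evaluated")
        if pe is None:
            continue
        reasons = [r.findtext("type", default="other") for r in pe.findall("reason")]
        failed = pe.findtext("dkim") != "pass" and pe.findtext("spf") != "pass"
        if failed and reasons:
            hits.append({"source_ip": row.findtext("source_ip"),
                         "count": int(row.findtext("count", default="0")),
                         "published": published,
                         "disposition": pe.findtext("disposition"),
                         "reasons": reasons})
    return hits

def messages_by_reason(hits):
    """Total message count per override reason, suitable for an alert threshold."""
    totals = Counter()
    for hit in hits:
        for reason in hit["reasons"]:
            totals[reason] += hit["count"]
    return totals

if __name__ == "__main__":
    overrides = find_overrides(SAMPLE_REPORT)
    for hit in overrides:
        print(hit)
    print(dict(messages_by_reason(overrides)))
```

Tracking the per-reason totals across reporting periods shows when a receiver starts overriding more unauthenticated mail for the domain than usual.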
