This sounds quite "normal" in my experience. I started using DMARC for exactly this reason, when one of my domains experienced increased spoofing attacks. In the years since, I've witnessed this scenario play out in a dozen other domains I manage for my clients. In every case, deploying DMARC for their domain with p=reject greatly reduces the volume of bounces they receive and the reports reveal the vast majority of attacks originating in China and smattering of other IPs from around the world. Within weeks after deploying DMARC, the attacks on that domain tail off and all but one case I've seen, don't recur.
Matt PS: My same size is too small to draw conclusions but it seems that shorter domain names are more likely to be abused. > On Jan 17, 2016, at 2:08 PM, Denis Salicetti via dmarc-discuss > <[email protected]> wrote: > > Hi Guys, > I have implemented DMARC for long with p=none rule with a minimal and > sporadical Threat/Unknown sources, but recently I had to increase to > p=quarantene and then to p=reject because I'm having a lot of Threat/Unknown > sources (25% rate). > It seems that lately my domain is under serious attack. I'm pretty sure I > have zero impact of my legit email flow because each configuration is good, > therefore every Threat/Unknown source is not legit (most of all from China). > > Someone more experienced of me can tell me if this rate is usual? Is there > something more that I can do to minimize it? > > Thank you very much. > > Denis Salicetti <http://linkedin.salicetti.it/> > > Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi protetti > <http://goo.gl/LbhIoi>_______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html)
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
