Another thing to consider is the increase of the deployment and implementation of dmarc reporting, as more SMTP Servers report spf/dkim failures, those numbers will also increase in the report aggregation.
My $.02 ~Jake Thank You, Jacob D. Evans Cloud Consultant 717.417.8324 From: "Denis Salicetti via dmarc-discuss" <[email protected]> To: "Matt Simerson" <[email protected]> Cc: "Denis Salicetti via dmarc-discuss" <[email protected]> Sent: Monday, January 18, 2016 10:36:58 AM Subject: Re: [dmarc-discuss] I need an advice Hi Matt, thank you very much for your kind reply. Best Regards. Denis Salicetti Avviso di riservatezza | Inviami messaggi protetti 2016-01-17 23:42 GMT+01:00 Matt Simerson < [email protected] > : This sounds quite "normal" in my experience. I started using DMARC for exactly this reason, when one of my domains experienced increased spoofing attacks. In the years since, I've witnessed this scenario play out in a dozen other domains I manage for my clients. In every case, deploying DMARC for their domain with p=reject greatly reduces the volume of bounces they receive and the reports reveal the vast majority of attacks originating in China and smattering of other IPs from around the world. Within weeks after deploying DMARC, the attacks on that domain tail off and all but one case I've seen, don't recur. Matt PS: My same size is too small to draw conclusions but it seems that shorter domain names are more likely to be abused. BQ_BEGIN On Jan 17, 2016, at 2:08 PM, Denis Salicetti via dmarc-discuss < [email protected] > wrote: Hi Guys, I have implemented DMARC for long with p=none rule with a minimal and sporadical Threat/Unknown sources, but recently I had to increase to p=quarantene and then to p=reject because I'm having a lot of Threat/Unknown sources (25% rate). It seems that lately my domain is under serious attack. I'm pretty sure I have zero impact of my legit email flow because each configuration is good, therefore every Threat/Unknown source is not legit (most of all from China). Someone more experienced of me can tell me if this rate is usual? Is there something more that I can do to minimize it? Thank you very much. Denis Salicetti Avviso di riservatezza | Inviami messaggi protetti _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms ( http://www.dmarc.org/note_well.html ) BQ_END _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
<<attachment: Evans, Jacob.vcf>>
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
