If you report for take down the URLs you get from the failure reports... Also until you moved to p=reject they would not have noticed a decrease in their success rates... Once it is not worth it, they will move to a softer target, or use a different method to achieve their goals.
On Mon, Jan 18, 2016 at 3:54 PM, Denis Salicetti via dmarc-discuss < [email protected]> wrote: > Hi Jacob, > thank you for your right consideration about the increase of the > deployment and implementation of DMARC reporting, because I think for me it > will be useful for a better assessment in future. > > In this particular moment though, DMARC reporting for my domain is more o > less the same of always. > > Best Regards. > > *Denis Salicetti* <http://linkedin.salicetti.it/> > > Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi protetti > <http://goo.gl/LbhIoi> > > 15251a1f17561224 > > 2016-01-18 16:46 GMT+01:00 Jacob Evans <[email protected]>: > > Another thing to consider is the increase of the deployment and >> implementation of dmarc reporting, as more SMTP Servers report spf/dkim >> failures, those numbers will also increase in the report aggregation. >> >> My $.02 >> ~Jake >> >> Thank You, >> >> Jacob D. Evans >> Cloud Consultant >> 717.417.8324 >> <http://twitter.jacobdevans.com> <http://facebook.jacobdevans.com> >> <http://www.jacobdevans.com> <http://linkedin.jacobdevans.com> >> <[email protected]> >> >> ------------------------------ >> *From: *"Denis Salicetti via dmarc-discuss" <[email protected]> >> *To: *"Matt Simerson" <[email protected]> >> *Cc: *"Denis Salicetti via dmarc-discuss" <[email protected]> >> *Sent: *Monday, January 18, 2016 10:36:58 AM >> *Subject: *Re: [dmarc-discuss] I need an advice >> >> Hi Matt, >> thank you very much for your kind reply. >> >> Best Regards. >> >> *Denis Salicetti* <http://linkedin.salicetti.it/> >> >> Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi protetti >> <http://goo.gl/LbhIoi> >> >> 2016-01-17 23:42 GMT+01:00 Matt Simerson <[email protected]>: >> >>> This sounds quite "normal" in my experience. >>> >>> I started using DMARC for exactly this reason, when one of my domains >>> experienced increased spoofing attacks. In the years since, I've witnessed >>> this scenario play out in a dozen other domains I manage for my clients. In >>> every case, deploying DMARC for their domain with p=reject greatly reduces >>> the volume of bounces they receive and the reports reveal the vast majority >>> of attacks originating in China and smattering of other IPs from around the >>> world. Within weeks after deploying DMARC, the attacks on that domain tail >>> off and all but one case I've seen, don't recur. >>> >>> Matt >>> >>> PS: My same size is too small to draw conclusions but it seems that >>> shorter domain names are more likely to be abused. >>> >>> On Jan 17, 2016, at 2:08 PM, Denis Salicetti via dmarc-discuss < >>> [email protected]> wrote: >>> >>> Hi Guys, >>> I have implemented DMARC for long with p=none rule with a minimal and >>> sporadical Threat/Unknown sources, but recently I had to increase to >>> p=quarantene and then to p=reject because I'm having a lot >>> of Threat/Unknown sources (25% rate). >>> It seems that lately my domain is under serious attack. I'm pretty sure >>> I have zero impact of my legit email flow because each configuration is >>> good, therefore every Threat/Unknown source is not legit (most of all from >>> China). >>> >>> Someone more experienced of me can tell me if this rate is usual? Is >>> there something more that I can do to minimize it? >>> >>> Thank you very much. >>> >>> *Denis Salicetti* <http://linkedin.salicetti.it/> >>> >>> Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi protetti >>> <http://goo.gl/LbhIoi> >>> _______________________________________________ >>> dmarc-discuss mailing list >>> [email protected] >>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >>> >>> NOTE: Participating in this list means you agree to the DMARC Note Well >>> terms (http://www.dmarc.org/note_well.html) >>> >>> >>> >> >> _______________________________________________ >> dmarc-discuss mailing list >> [email protected] >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) >> > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) >
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
