> On Jan 31, 2016, at 5:16 AM, Ben Greenfield via dmarc-discuss > <[email protected]> wrote: > > I finally got my google reports for the past 2 days and I was able to run > them through dmarcian.com. > > I would say it takes about a week for a newly dmarc’ed domain to be pulled > from the spambots to drop a domain. > > Since configuring dmarc started out with 4260 forwarders threat/unknown’s on > 1/21 to a high of 10,025 on 1/27 moving to 181 for 1/30.
That 81 has no morphed in 2034 and for 1/31 I’m up to 2579 forwarders and threats unknown. Ben > > I like that trend. > > Thanks, > > Ben > > >> On Jan 27, 2016, at 7:45 PM, John Corey Miller via dmarc-discuss >> <[email protected]> wrote: >> >> Thanks Tim! >> >> I currently don’t have a dmarcian account, I just use the site as a resource >> for your tools and information. I could join up tomorrow when I get into >> work if it would help you solve this problem. Our DKIM records had to be >> changed just a couple of days prior to going to full reject if that might >> have caused this… but drastic measures had to be taken as our dmarc reports >> were showing something like 80-95% was straight up junk. >> >> Thanks, >> John Miller >> >>> On Jan 27, 2016, at 6:51 PM, Tim Draegen via dmarc-discuss >>> <[email protected]> wrote: >>> >>>> On Jan 26, 2016, at 10:36 AM, John Corey Miller via dmarc-discuss >>>> <[email protected]> wrote: >>>> >>>> We have Google Apps for Business set-up with our domain name for our >>>> business. >>>> >>>> Since making the change to fully reject mail that fails dmarc, the number >>>> of messages counted as coming through "Forwarders" on our dmarc reports >>>> when run through this tool https://dmarcian.com/dmarc-xml/ has drastically >>>> increased. In many cases these new "Forwarders" are the same IPs that >>>> previously were coming through as "Threat/Unknown" (clearly fishers.) >>>> >>>> Does this mean that after seeing that google started rejecting their >>>> e-mails they changed something about how they're sending them to attempt >>>> to circumvent these rejections? If so, does any action have to be taken >>>> to prevent this circumvention? >>> >>> >>> Hi John, >>> >>> FWIW, you can email [email protected] with any dmarcian-related >>> questions. I spend a lot of time there answering questions.. which is a >>> bit easier as then I can look & comment about your data! >>> >>> That said, some replies to this thread are likely true. If you're seeing >>> the "forwarded" flag explicitly set, then this means the receiver in >>> question accepted the email regardless of your published policy, as they >>> understand the email to..well, be forwarded. >>> >>> It is not exactly common, but over the past few years certain >>> spammers/phishers have figured out how to exploit servers that are being >>> recognized as "forwarders" by the big players. Once these servers are >>> identified, they try to deliver as much crap as they can before being >>> stopped. And... the cycle continues. >>> >>> A different idea is that "reject" happened after putting in place DKIM >>> signatures. The dmarcian site does a better job identifying "Forwarders" >>> (as a category, and not as a flag in XML) when DKIM is in place. So if you >>> did DKIM and reject at ~same time, this might be a factor. However, if >>> you're seeing junk from all over the world, it's worth dropping a note to >>> [email protected] and we'll package up your data along with a note to >>> the bigger players to plug their holes. >>> >>> =- Tim >>> >>> _______________________________________________ >>> dmarc-discuss mailing list >>> [email protected] >>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >>> >>> NOTE: Participating in this list means you agree to the DMARC Note Well >>> terms (http://www.dmarc.org/note_well.html) >> >> >> _______________________________________________ >> dmarc-discuss mailing list >> [email protected] >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
