If you have p=none, then the email is accepted regardless of where it comes from.
Once you put p!=none, then the email may be rejected unless it is coming from known forwarders; in this case this flag is raised to let you know the email should have been rejected but was accepted nevertheless because it is coming from a known forwarder.

I took a different approach to indicate the exceptions when DMARC fails, even for p=none. It requires additional compute time. You can see it at https://github.com/linkedin/dmarc-msys/blob/master/dmarc.lua#L685

So it will all depend on how the receiver handles the exceptions to the DMARC policy.

On Mon, Feb 1, 2016 at 7:54 AM, Ben Greenfield via dmarc-discuss <[email protected]> wrote:

> On Jan 31, 2016, at 5:16 AM, Ben Greenfield via dmarc-discuss <[email protected]> wrote:
> >
> > I finally got my google reports for the past 2 days and I was able to run them through dmarcian.com.
> >
> > I would say it takes about a week for a newly dmarc’ed domain to be pulled from the spambots to drop a domain.
> >
> > Since configuring dmarc started out with 4260 forwarders threat/unknown’s on 1/21 to a high of 10,025 on 1/27 moving to 181 for 1/30.
>
> That 81 has now morphed into 2034 and for 1/31 I’m up to 2579 forwarders and threats unknown.
>
> Ben
>
> > I like that trend.
> >
> > Thanks,
> >
> > Ben
> >
> >> On Jan 27, 2016, at 7:45 PM, John Corey Miller via dmarc-discuss <[email protected]> wrote:
> >>
> >> Thanks Tim!
> >>
> >> I currently don’t have a dmarcian account, I just use the site as a resource for your tools and information. I could join up tomorrow when I get into work if it would help you solve this problem. Our DKIM records had to be changed just a couple of days prior to going to full reject if that might have caused this… but drastic measures had to be taken as our dmarc reports were showing something like 80-95% was straight up junk.
> >>
> >> Thanks,
> >> John Miller
> >>
> >>> On Jan 27, 2016, at 6:51 PM, Tim Draegen via dmarc-discuss <[email protected]> wrote:
> >>>
> >>>> On Jan 26, 2016, at 10:36 AM, John Corey Miller via dmarc-discuss <[email protected]> wrote:
> >>>>
> >>>> We have Google Apps for Business set-up with our domain name for our business.
> >>>>
> >>>> Since making the change to fully reject mail that fails dmarc, the number of messages counted as coming through "Forwarders" on our dmarc reports when run through this tool https://dmarcian.com/dmarc-xml/ has drastically increased. In many cases these new "Forwarders" are the same IPs that previously were coming through as "Threat/Unknown" (clearly phishers.)
> >>>>
> >>>> Does this mean that after seeing that google started rejecting their e-mails they changed something about how they're sending them to attempt to circumvent these rejections? If so, does any action have to be taken to prevent this circumvention?
> >>>
> >>> Hi John,
> >>>
> >>> FWIW, you can email [email protected] with any dmarcian-related questions. I spend a lot of time there answering questions.. which is a bit easier as then I can look & comment about your data!
> >>>
> >>> That said, some replies to this thread are likely true. If you're seeing the "forwarded" flag explicitly set, then this means the receiver in question accepted the email regardless of your published policy, as they understand the email to..well, be forwarded.
> >>>
> >>> It is not exactly common, but over the past few years certain spammers/phishers have figured out how to exploit servers that are being recognized as "forwarders" by the big players. Once these servers are identified, they try to deliver as much crap as they can before being stopped. And... the cycle continues.
> >>>
> >>> A different idea is that "reject" happened after putting in place DKIM signatures. The dmarcian site does a better job identifying "Forwarders" (as a category, and not as a flag in XML) when DKIM is in place. So if you did DKIM and reject at ~same time, this might be a factor. However, if you're seeing junk from all over the world, it's worth dropping a note to [email protected] and we'll package up your data along with a note to the bigger players to plug their holes.
> >>>
> >>> =- Tim
> >>>
> >>> _______________________________________________
> >>> dmarc-discuss mailing list
> >>> [email protected]
> >>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
> >>>
> >>> NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
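The "forwarded" flag discussed in this thread is carried in aggregate reports as a policy override reason next to the evaluated disposition. The following is an added example, not code from any poster in the thread or from dmarc-msys: it tallies DMARC-failing rows by disposition and override reason and lists the sources that were accepted through a forwarder override despite a p=quarantine/reject policy. The sample report, its documentation-range IPs and the function name `summarize` are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate-report layout (documentation IPs).
ROW = ("<record><row><source_ip>{}</source_ip><count>{}</count><policy_evaluated>"
       "<disposition>{}</disposition><dkim>{}</dkim><spf>{}</spf>{}"
       "</policy_evaluated></row></record>")
FWD = "<reason><type>forwarded</type></reason>"
SAMPLE = ("<feedback><policy_published><domain>example.com</domain>"
          "<p>reject</p></policy_published>"
          + ROW.format("192.0.2.10", 12, "none", "pass", "pass", "")
          + ROW.format("198.51.100.7", 40, "none", "fail", "fail", FWD)
          + ROW.format("203.0.113.5", 7, "reject", "fail", "fail", "")
          + "</feedback>")

FORWARDER_REASONS = {"forwarded", "trusted_forwarder"}  # RFC 7489 override types


def _text(el, path, default=""):
    return (el.findtext(path) or default).strip()


def summarize(report_xml):
    """Return (published policy, failing-mail tally, forwarder-overridden sources)."""
    # Reports are third-party input; a hardened parser such as defusedxml
    # is the safer choice outside of an example.
    root = ET.fromstring(report_xml)
    for el in root.iter():  # some reporters add an XML namespace; drop it
        el.tag = el.tag.rsplit("}", 1)[-1]
    published = _text(root, "policy_published/p", "none")
    tally, overridden = Counter(), {}
    for row in root.iter("row"):
        pe = row.find("policy_evaluated")
        if pe is None:
            continue
        # DMARC passes if either aligned mechanism passes; keep only failures.
        if "pass" in (_text(pe, "dkim"), _text(pe, "spf")):
            continue
        count = int(_text(row, "count", "0"))
        disposition = _text(pe, "disposition", "none")
        reasons = tuple(sorted(_text(r, "type", "other")
                               for r in pe.findall("reason"))) or ("-",)
        tally[(disposition, reasons)] += count
        # Failing mail accepted anyway because the receiver saw a forwarder.
        if (published != "none" and disposition == "none"
                and FORWARDER_REASONS & set(reasons)):
            ip = _text(row, "source_ip")
            overridden[ip] = overridden.get(ip, 0) + count
    return published, dict(tally), overridden
```

Comparing the `overridden` sources across report days shows whether a jump in "forwarded" volume comes from a few hosts, which is the pattern Tim describes for abused forwarders.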
