Hi Franck, you were right. After a couple of weeks introducing reject policy, I noticed a decrease of Threat/Unknown sources and now I get just a few of those. It worked!
Thank you very much. *Denis Salicetti* <http://linkedin.salicetti.it/> Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi protetti <http://goo.gl/LbhIoi> 2016-01-19 23:13 GMT+01:00 Franck Martin <fmar...@linkedin.com>: > If you report for take down the URLs you get from the failure reports... > Also until you moved to p=reject they would not have noticed a decrease in > their success rates... Once it is not worth it, they will move to a softer > target, or use a different method to achieve their goals. > > On Mon, Jan 18, 2016 at 3:54 PM, Denis Salicetti via dmarc-discuss < > dmarc-discuss@dmarc.org> wrote: > >> Hi Jacob, >> thank you for your right consideration about the increase of the >> deployment and implementation of DMARC reporting, because I think for me it >> will be useful for a better assessment in future. >> >> In this particular moment though, DMARC reporting for my domain is more o >> less the same of always. >> >> Best Regards. >> >> *Denis Salicetti* <http://linkedin.salicetti.it/> >> >> Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi protetti >> <http://goo.gl/LbhIoi> >> >> 15251a1f17561224 >> >> 2016-01-18 16:46 GMT+01:00 Jacob Evans <dmarc-li...@jacobdevans.com>: >> >> Another thing to consider is the increase of the deployment and >>> implementation of dmarc reporting, as more SMTP Servers report spf/dkim >>> failures, those numbers will also increase in the report aggregation. >>> >>> My $.02 >>> ~Jake >>> >>> Thank You, >>> >>> Jacob D. Evans >>> Cloud Consultant >>> 717.417.8324 >>> <http://twitter.jacobdevans.com> <http://facebook.jacobdevans.com> >>> <http://www.jacobdevans.com> <http://linkedin.jacobdevans.com> >>> <sig-cont...@jacobdevans.com> >>> >>> ------------------------------ >>> *From: *"Denis Salicetti via dmarc-discuss" <dmarc-discuss@dmarc.org> >>> *To: *"Matt Simerson" <m...@tnpi.net> >>> *Cc: *"Denis Salicetti via dmarc-discuss" <dmarc-discuss@dmarc.org> >>> *Sent: *Monday, January 18, 2016 10:36:58 AM >>> *Subject: *Re: [dmarc-discuss] I need an advice >>> >>> Hi Matt, >>> thank you very much for your kind reply. >>> >>> Best Regards. >>> >>> *Denis Salicetti* <http://linkedin.salicetti.it/> >>> >>> Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi protetti >>> <http://goo.gl/LbhIoi> >>> >>> 2016-01-17 23:42 GMT+01:00 Matt Simerson <m...@tnpi.net>: >>> >>>> This sounds quite "normal" in my experience. >>>> >>>> I started using DMARC for exactly this reason, when one of my domains >>>> experienced increased spoofing attacks. In the years since, I've witnessed >>>> this scenario play out in a dozen other domains I manage for my clients. In >>>> every case, deploying DMARC for their domain with p=reject greatly reduces >>>> the volume of bounces they receive and the reports reveal the vast majority >>>> of attacks originating in China and smattering of other IPs from around the >>>> world. Within weeks after deploying DMARC, the attacks on that domain tail >>>> off and all but one case I've seen, don't recur. >>>> >>>> Matt >>>> >>>> PS: My same size is too small to draw conclusions but it seems that >>>> shorter domain names are more likely to be abused. >>>> >>>> On Jan 17, 2016, at 2:08 PM, Denis Salicetti via dmarc-discuss < >>>> dmarc-discuss@dmarc.org> wrote: >>>> >>>> Hi Guys, >>>> I have implemented DMARC for long with p=none rule with a minimal and >>>> sporadical Threat/Unknown sources, but recently I had to increase to >>>> p=quarantene and then to p=reject because I'm having a lot >>>> of Threat/Unknown sources (25% rate). >>>> It seems that lately my domain is under serious attack. I'm pretty sure >>>> I have zero impact of my legit email flow because each configuration is >>>> good, therefore every Threat/Unknown source is not legit (most of all from >>>> China). >>>> >>>> Someone more experienced of me can tell me if this rate is usual? Is >>>> there something more that I can do to minimize it? >>>> >>>> Thank you very much. >>>> >>>> *Denis Salicetti* <http://linkedin.salicetti.it/> >>>> >>>> Avviso di riservatezza <http://goo.gl/zS2xL> | Inviami messaggi >>>> protetti <http://goo.gl/LbhIoi> >>>> _______________________________________________ >>>> dmarc-discuss mailing list >>>> dmarc-discuss@dmarc.org >>>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >>>> >>>> NOTE: Participating in this list means you agree to the DMARC Note Well >>>> terms (http://www.dmarc.org/note_well.html) >>>> >>>> >>>> >>> >>> _______________________________________________ >>> dmarc-discuss mailing list >>> dmarc-discuss@dmarc.org >>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >>> >>> NOTE: Participating in this list means you agree to the DMARC Note Well >>> terms (http://www.dmarc.org/note_well.html) >>> >> >> >> _______________________________________________ >> dmarc-discuss mailing list >> dmarc-discuss@dmarc.org >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note Well >> terms (http://www.dmarc.org/note_well.html) >> > >
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
