My pleasure. Now watch out for Business Email Compromise (BEC) and Account Take Over (ATO). Your domain is hosted via Google Apps; as they use DMARC to filter incoming emails, nobody can now inject into your system an email that would look internal (as per your domain name). This will help a lot.

On Tue, Feb 9, 2016 at 2:01 AM, Denis Salicetti via dmarc-discuss <[email protected]> wrote:

> Hi Franck,
> you were right. After a couple of weeks introducing reject policy, I
> noticed a decrease of Threat/Unknown sources and now I get just a few of
> those. It worked!
>
> Thank you very much.
>
> *Denis Salicetti* <http://linkedin.salicetti.it/>
>
> Confidentiality notice <http://goo.gl/zS2xL> | Send me protected messages
> <http://goo.gl/LbhIoi>
>
> 2016-01-19 23:13 GMT+01:00 Franck Martin <[email protected]>:
>
>> If you report for take down the URLs you get from the failure reports...
>> Also until you moved to p=reject they would not have noticed a decrease in
>> their success rates... Once it is not worth it, they will move to a softer
>> target, or use a different method to achieve their goals.
>>
>> On Mon, Jan 18, 2016 at 3:54 PM, Denis Salicetti via dmarc-discuss
>> <[email protected]> wrote:
>>
>>> Hi Jacob,
>>> thank you for your right consideration about the increase of the
>>> deployment and implementation of DMARC reporting, because I think for me it
>>> will be useful for a better assessment in future.
>>>
>>> In this particular moment though, DMARC reporting for my domain is more
>>> or less the same as always.
>>>
>>> Best Regards.
>>>
>>> *Denis Salicetti* <http://linkedin.salicetti.it/>
>>>
>>> 2016-01-18 16:46 GMT+01:00 Jacob Evans <[email protected]>:
>>>
>>>> Another thing to consider is the increase of the deployment and
>>>> implementation of dmarc reporting, as more SMTP Servers report spf/dkim
>>>> failures, those numbers will also increase in the report aggregation.
>>>>
>>>> My $.02
>>>> ~Jake
>>>>
>>>> Thank You,
>>>>
>>>> Jacob D. Evans
>>>> Cloud Consultant
>>>> 717.417.8324
>>>> <http://twitter.jacobdevans.com> <http://facebook.jacobdevans.com>
>>>> <http://www.jacobdevans.com> <http://linkedin.jacobdevans.com>
>>>> <[email protected]>
>>>>
>>>> ------------------------------
>>>> *From: *"Denis Salicetti via dmarc-discuss" <[email protected]>
>>>> *To: *"Matt Simerson" <[email protected]>
>>>> *Cc: *"Denis Salicetti via dmarc-discuss" <[email protected]>
>>>> *Sent: *Monday, January 18, 2016 10:36:58 AM
>>>> *Subject: *Re: [dmarc-discuss] I need an advice
>>>>
>>>> Hi Matt,
>>>> thank you very much for your kind reply.
>>>>
>>>> Best Regards.
>>>>
>>>> *Denis Salicetti* <http://linkedin.salicetti.it/>
>>>>
>>>> 2016-01-17 23:42 GMT+01:00 Matt Simerson <[email protected]>:
>>>>
>>>>> This sounds quite "normal" in my experience.
>>>>>
>>>>> I started using DMARC for exactly this reason, when one of my domains
>>>>> experienced increased spoofing attacks. In the years since, I've witnessed
>>>>> this scenario play out in a dozen other domains I manage for my clients.
>>>>> In every case, deploying DMARC for their domain with p=reject greatly
>>>>> reduces the volume of bounces they receive and the reports reveal the vast
>>>>> majority of attacks originating in China and a smattering of other IPs
>>>>> from around the world. Within weeks after deploying DMARC, the attacks on
>>>>> that domain tail off and, in all but one case I've seen, don't recur.
>>>>>
>>>>> Matt
>>>>>
>>>>> PS: My sample size is too small to draw conclusions but it seems that
>>>>> shorter domain names are more likely to be abused.
>>>>>
>>>>> On Jan 17, 2016, at 2:08 PM, Denis Salicetti via dmarc-discuss
>>>>> <[email protected]> wrote:
>>>>>
>>>>> Hi Guys,
>>>>> I have implemented DMARC for long with p=none rule with minimal and
>>>>> sporadic Threat/Unknown sources, but recently I had to increase to
>>>>> p=quarantine and then to p=reject because I'm having a lot
>>>>> of Threat/Unknown sources (25% rate).
>>>>> It seems that lately my domain is under serious attack. I'm pretty
>>>>> sure I have zero impact on my legit email flow because each configuration
>>>>> is good, therefore every Threat/Unknown source is not legit (most of all
>>>>> from China).
>>>>>
>>>>> Can someone more experienced than me tell me if this rate is usual? Is
>>>>> there something more that I can do to minimize it?
>>>>>
>>>>> Thank you very much.
>>>>>
>>>>> *Denis Salicetti* <http://linkedin.salicetti.it/>

_______________________________________________
dmarc-discuss mailing list
[email protected]
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
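
The thread above judges the move to p=reject by the share of "Threat/Unknown" sources in the DMARC reports. As an added example (not code from any poster on the list), this computes that share and the failing source IPs from one aggregate report, assuming the RFC 7489 XML layout without a namespace; the report, domain and IPs are constructed.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample in the RFC 7489 aggregate-report layout; example.com and
# the documentation-range IPs are placeholders, not data from the thread.
SAMPLE_REPORT = """<feedback>
  <policy_published><domain>example.com</domain><p>reject</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>75</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>20</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
  <record>
    <row><source_ip>198.51.100.4</source_ip><count>5</count>
      <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  </record>
</feedback>"""


def summarize(report_xml):
    """Return (published policy, unauthenticated rate, {source_ip: failing count})."""
    root = ET.fromstring(report_xml)
    policy = root.findtext("policy_published/p", default="none")
    total = 0
    failing = defaultdict(int)
    for row in root.iter("row"):
        count = int(row.findtext("count", default="0"))
        total += count
        dkim = row.findtext("policy_evaluated/dkim")
        spf = row.findtext("policy_evaluated/spf")
        # DMARC fails only when neither aligned DKIM nor aligned SPF passed.
        if dkim != "pass" and spf != "pass":
            failing[row.findtext("source_ip")] += count
    rate = sum(failing.values()) / total if total else 0.0
    return policy, rate, dict(failing)


def top_sources(failing, n=10):
    """Failing sources ordered by message volume, largest first."""
    return sorted(failing.items(), key=lambda kv: kv[1], reverse=True)[:n]


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```

Aggregate reports arrive from third parties, so in production parse them with a hardened XML parser such as defusedxml rather than the standard-library parser used here. Some reporters emit a namespaced `<feedback>` element, which would need namespace-aware element paths.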
