> On Feb 10, 2016, at 1:55 AM, Roland Turner via dmarc-discuss > <dmarc-discuss@dmarc.org> wrote: > > I'd suggest a few things: > > - You're looking a little too closely at daily changes, particularly around > implementation time. Allow the thing some time to settle, perhaps a month, > before considering next steps. Bear in mind that there are multiple, > independent good and evil actors here, each reacting to the others all the > time. This will take time to settle, a single day's (or week's) change is > unlikely to be actionable. Note in particular that the larger receivers are > almost certainly comparing their user feedback ("This is [not] Spam") with > your DMARC policy ([un]authenticated messages that get reported as > [not-]spam) as an input to their decision making. On the fairly small numbers > that you're talking about, this calculation could take weeks to converge.
DMARC certainly provides another view into what is happening. I think what you are saying is that my small traffic volume 15,000 messages are such a small blip in the spammers world they will be doing some monthly analysis to notice and adjust their routine accordingly. > - The Forwarder and Threat/Unknown categories in Dmarcian are a mix of > probabilistic assessments by email-receivers and by Dmarcian, not a reliable > indication of what the email messages in question contain. Yes, I have tracked legitimate emails through all the Dmarcian categories. > They're interesting, but don't get hypnotised by them. Looking forward to a drop off in traffic to break the spell... > - How much is on-domain (vs. cousin-domain) impersonation costing you in > fraud/support/churn losses? If it's costing you thousands of dollars a month, > then by all means bring in the professionals. If you can't price it, or you > haven't done so yet, or it's a trivial amount, then you're probably done. That is good to know since nobody is directly paying to do this. I imagine that I should just keep an eye on ARC and I could always become an early adopter of that as way to improve things. Thank you for taking the time to give me some perspective. Ben > > - Roland > > > Roland Turner > Labs Director > Mobile: +65 9670 0022 > 3 Phillip Street, #13-03 Royal Group Building, Singapore 048693 > ________________________________ > > www.trustsphere.com > > > > > ________________________________________ > From: dmarc-discuss <dmarc-discuss-boun...@dmarc.org> on behalf of Ben > Greenfield via dmarc-discuss <dmarc-discuss@dmarc.org> > Sent: Sunday, 7 February 2016 18:42 > To: dmarc-discuss > Subject: [dmarc-discuss] Experience 16 days with DMARC > > First off I think DMARC is great and I’m happy with and want to try to use > the information to protect my domain name. > > I have been using dmarcian.com to analyze the reports and any terminology I > use should be considered in the context of their tools. Their tools are all I > know… so far. > > Since I started receiving DMARC reports and tracked down a few specific > domain names from DMARC reports to actual emails, I’m comfortable with most > of the traffic I see in Forwarders categories and it’s great to see some with > 100% DKIM survival. > > I’m assuming that most of the servers in the category of forwarder are just > moving mail around the world. > > Threat/Unknown I take this to mean emails that have my domain in the from > field and our trying to delivery the forged email. > > This had fluctuated from around 4200 when I started on jan. 22nd to a low of > 1900 email on jan. 30th this had a steady climb of up to 5985 on feb. 4th > before spiking to 15,516 on feb. 5th. > > I see these fluctuations reflected in spam cop’s spam volume. Almost all the > heavy traffic is coming from in order: > > Vietnam > India > Brazil > UA > Russia > > > Is there anything I should be doing to try to clean up this problem? > Is DMARC the best I can do right now? > > Thanks, > Ben > > > > > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)