> On Feb 10, 2016, at 1:55 AM, Roland Turner via dmarc-discuss
> <dmarc-discuss@dmarc.org> wrote:
>
> I'd suggest a few things:
>
> - You're looking a little too closely at daily changes, particularly around
> implementation time. Allow the thing some time to settle, perhaps a month,
> before considering next steps. Bear in mind that there are multiple,
> independent good and evil actors here, each reacting to the others all the
> time. This will take time to settle, a single day's (or week's) change is
> unlikely to be actionable. Note in particular that the larger receivers are
> almost certainly comparing their user feedback ("This is [not] Spam") with
> your DMARC policy ([un]authenticated messages that get reported as
> [not-]spam) as an input to their decision making. On the fairly small numbers
> that you're talking about, this calculation could take weeks to converge.
DMARC certainly provides another view into what is happening. I think what you
are saying is that my small traffic volume 15,000 messages are such a small
blip in the spammers world they will be doing some monthly analysis to notice
and adjust their routine accordingly.
> - The Forwarder and Threat/Unknown categories in Dmarcian are a mix of
> probabilistic assessments by email-receivers and by Dmarcian, not a reliable
> indication of what the email messages in question contain.
Yes, I have tracked legitimate emails through all the Dmarcian categories.
> They're interesting, but don't get hypnotised by them.
Looking forward to a drop off in traffic to break the spell...
> - How much is on-domain (vs. cousin-domain) impersonation costing you in
> fraud/support/churn losses? If it's costing you thousands of dollars a month,
> then by all means bring in the professionals. If you can't price it, or you
> haven't done so yet, or it's a trivial amount, then you're probably done.
That is good to know since nobody is directly paying to do this. I imagine that
I should just keep an eye on ARC and I could always become an early adopter of
that as way to improve things.
Thank you for taking the time to give me some perspective.
Ben
>
> - Roland
>
>
> Roland Turner
> Labs Director
> Mobile: +65 9670 0022
> 3 Phillip Street, #13-03 Royal Group Building, Singapore 048693
> ________________________________
>
> www.trustsphere.com
>
>
>
>
> ________________________________________
> From: dmarc-discuss <dmarc-discuss-boun...@dmarc.org> on behalf of Ben
> Greenfield via dmarc-discuss <dmarc-discuss@dmarc.org>
> Sent: Sunday, 7 February 2016 18:42
> To: dmarc-discuss
> Subject: [dmarc-discuss] Experience 16 days with DMARC
>
> First off I think DMARC is great and I’m happy with and want to try to use
> the information to protect my domain name.
>
> I have been using dmarcian.com to analyze the reports and any terminology I
> use should be considered in the context of their tools. Their tools are all I
> know… so far.
>
> Since I started receiving DMARC reports and tracked down a few specific
> domain names from DMARC reports to actual emails, I’m comfortable with most
> of the traffic I see in Forwarders categories and it’s great to see some with
> 100% DKIM survival.
>
> I’m assuming that most of the servers in the category of forwarder are just
> moving mail around the world.
>
> Threat/Unknown I take this to mean emails that have my domain in the from
> field and our trying to delivery the forged email.
>
> This had fluctuated from around 4200 when I started on jan. 22nd to a low of
> 1900 email on jan. 30th this had a steady climb of up to 5985 on feb. 4th
> before spiking to 15,516 on feb. 5th.
>
> I see these fluctuations reflected in spam cop’s spam volume. Almost all the
> heavy traffic is coming from in order:
>
> Vietnam
> India
> Brazil
> UA
> Russia
>
>
> Is there anything I should be doing to try to clean up this problem?
> Is DMARC the best I can do right now?
>
> Thanks,
> Ben
>
>
>
>
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss@dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well terms
> (http://www.dmarc.org/note_well.html)
>
> _______________________________________________
> dmarc-discuss mailing list
> dmarc-discuss@dmarc.org
> http://www.dmarc.org/mailman/listinfo/dmarc-discuss
>
> NOTE: Participating in this list means you agree to the DMARC Note Well terms
> (http://www.dmarc.org/note_well.html)
_______________________________________________
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss
NOTE: Participating in this list means you agree to the DMARC Note Well terms
(http://www.dmarc.org/note_well.html)
