1. Implement p=none, identify all traffic from your domains, from and outside of your networks based on DMARC reports. You can use services from Agari / Dmarcian / Return-Path to aggregate reports and to find potential problems. 2. Fix all problems related to SPF/DKIM authentication and authentication alignment within your infrastructure and external services you use. 3. Identify legal mail flows affected by DMARC you can not control from outside of your infrastructure - e.g. known forwarders (redirectors, mailing lists, etc), external users / services who use e-mail from your domain for externally generated mail. 4. Mitigate risks for each identified category. Create whitelists for known forwarders, inform external users. In our case, as a public service we have a lot of users with mail addresses from our domains to send mail from their own web servers or via ESPs. Mail.Ru processes ~50% of Russian mail traffic and currently we show warning messages to recipients on potentially spoofed From address for any DMARC-aware domain, it forces most legal senders to stop using mail addresses they are not authorized to use via DMARC. In case of corporate / transactional domains things are bit easy.
Ben Greenfield via dmarc-discuss пишет: > Hey All, > > Forgive this naive question but what sort of preparations are people > doing for this type of change? > > Thanks, > > Ben >> On Mar 28, 2016, at 8:00 AM, Udeme Ukutt via dmarc-discuss >> <[email protected] <mailto:[email protected]>> wrote: >> >> Thanks! >> >> Udeme >> >> On Monday, March 28, 2016, Vladimir Dubrovin <[email protected] >> <mailto:[email protected]>> wrote: >> >> >> For mail.ru <http://mail.ru/> we have timeline set to June, 1. >> Before this time we will change policy for bk.ru >> <http://bk.ru/> / list.ru <http://list.ru/> / inbox.ru >> <http://inbox.ru/> domain. A final mail.ru <http://mail.ru/> date >> may be changed based on results and feedback we'll get from >> implementing strict policy for smaller domains. >> >> Udeme Ukutt пишет: >>> Thanks Vladimir. Pls what about mail.ru <http://mail.ru/>? >>> >>> Udeme >>> >>> On Friday, March 25, 2016, Vladimir Dubrovin via dmarc-discuss >>> <[email protected]> wrote: >>> >>> >>> Hello list. >>> >>> Mail.Ru scheduled switching to p=reject DMARC policy on >>> March, 29 2016 for >>> >>> mail.ua <http://mail.ua/> >>> corp.mail.ru <http://corp.mail.ru/> >>> >>> domains. Please adjust your configuration, if required. >>> >>> -- >>> Vladimir Dubrovin >>> @Mail.Ru >>> _______________________________________________ >>> dmarc-discuss mailing list >>> [email protected] >>> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >>> >>> NOTE: Participating in this list means you agree to the >>> DMARC Note Well terms (http://www.dmarc.org/note_well.html) >>> >>> >>> >>> -- >>> Sent from my iDevice; kindly excuse any typos. >> >> >> -- >> Vladimir Dubrovin >> <ghajgahf.png> >> >> >> >> -- >> Sent from my iDevice; kindly excuse any typos. >> _______________________________________________ >> dmarc-discuss mailing list >> [email protected] <mailto:[email protected]> >> http://www.dmarc.org/mailman/listinfo/dmarc-discuss >> >> NOTE: Participating in this list means you agree to the DMARC Note >> Well terms (http://www.dmarc.org/note_well.html) > > > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) -- Vladimir Dubrovin @Mail.Ru
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
