Awesome! I’m almost there but it’s been a long slog.
- Are you using any DMARC analysis providers, or home grown? - Are you using *aaS providers that “legitimately” spoof you? If so - how was your experience in getting them compliant? - Are you seeing unexpected reports from Google? (They seem to be reporting their own IPs as sending mail) - Does your staff participate on mailing lists? If so - how do you handle that for inbound DMARC filtering? Whitelist? My answers: - Agari - and I’ve been very happy with their support - Yes - and the hardest part has been finding someone who understands what DKIM means - once that happens things typically move quickly - Yes - it’s killing my numbers :( - TBD :/ Thanks John > On Sep 20, 2016, at 2:44 AM, Povl Hessellund Pedersen via dmarc-discuss > <dmarc-discuss@dmarc.org> wrote: > > I work in a larger enterprise, largest retailer in Denmark with branches in > multiple countries. > We have been using SPF for years now with -all > We started on DKIM / DMARC earlier this year for outbound, we are on O365. > We had some issues that are resolved. > We have moved all mass mailing / external partners to subdomains and use a > reply-to where needed. > We are doing inbound DMARC on our own addresses to stop most obvious CEO scam. > > We use O365, so we are using this header to run check against (sender domain > p=quarantine). So I can't really see the dmarc policy set by the sender, and > filter based on that. It is not available in any header. > > Authentication-Results: spf=pass (sender IP is 209.85.214.50) > smtp.mailfrom=my.test.dk; dsg.dk; dkim=pass (signature was verified) > header.d=my.test.dk;dsg.dk; dmarc=pass action=none > header.from=my.test.dk;dsg.dk; dkim=pass (signature was verified) > header.d=my.test.dk; > >> On Oct 22, 2015, at 3:43 PM, Payne, John <jpa...@akamai.com> wrote: >> >> >>> On Oct 22, 2015, at 3:36 PM, Andrew Beverley via dmarc-discuss >>> <dmarc-discuss@dmarc.org> wrote: >>> >>> On Thu, 2015-10-22 at 10:19 -0700, Franck Martin via dmarc-discuss >>> wrote: >>>> The fun is moving to ARC >>>> >>>> https://dmarc.org/2015/10/global-mailbox-providers-deploying-dmarc-to-protect-users/ >>> >>> Sad to see that Gmail plan to move to p=reject >> >> I’m hoping that it encourages the mailing list folk who have been reluctant >> to become DMARC safe to reconsider, whether thats ARC or wrapping. >> As an enterprise hoping to go p=reject, this is potentially a big deal for >> me :) > > > I’m not exactly in the loop, but besides this article almost a year ago, I > haven’t seen anything else about gmail going p=reject… and it’s now 3 months > past the advertised date. > Any word there? > > Somewhat related (to my earlier post) - are there any _enterprises_ on this > list that have experience or are currently attempting to either go p=reject > or enforce DMARC policies inbound? > > Thanks > John > > > _______________________________________________ > dmarc-discuss mailing list > dmarc-discuss@dmarc.org > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well terms > (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)