There are a couple of possibilities. 1. There used to be secret backchannel agreements between ISPs to treat certain domains as if they were p=reject. Some of this even predates the DMARC spec. Could be the case here. 2. Some filter authors got too zealous and are treating p=none as if it were p=reject. 3. Some filters come down really hard on an auth failure, regardless of DMARC.
We've run into this as well and in our application we deal with it by having a DMARC table. We add domains to the DMARC table automatically if they have a p=reject policy. But we can also add domains manually to it, if it is in the domain owner's or users' best interest. Then we rewrite headers for mail from that email domain as needed. You might want to do the same. Where this came in really handy lately is that a big client wants to go to p=reject but isn't there yet. Right now they're just auditing, and they see a lot of traffic that would bounce under p=reject due to how our system handles forwarding of some replies. We dropped their name into the DMARC table, and now that mail no longer uses their domain, and it no longer shows up on their audit report, and thus that particular mail forwarding scenario is solved, even before they went to p=reject. In my personal mailing list manager I also have a short list of domains that I treat as though they are p=reject, regardless of the true domain setting. I have found (anecdotally) that list mail from some domains failing DMARC are more likely to go to spam at Gmail even if p=none. Treating them as p=reject is one possible way to address this. Hope that helps. Regards, Al Iverson -- Al Iverson www.aliverson.com (312)725-0130 On Thu, Mar 23, 2017 at 1:01 PM, Mark Fletcher via dmarc-discuss <[email protected]> wrote: > Hi All, > > One of our mailing list members, with a netscape.net email address, is > getting DMARC bounces. That domain is set to p=none. Because of this we > don't re-write her From lines. The netscape.net MX points to AOL, which we > know does reject. And we're seeing AOL DMARC bounces for her messages. > > It seems to me that we need to treat netscape.net addresses as p=reject, as > they seem to have misconfigured their DMARC record. Or am I misunderstanding > what's happening (completely possible)? > > Thanks, > Mark > > _______________________________________________ > dmarc-discuss mailing list > [email protected] > http://www.dmarc.org/mailman/listinfo/dmarc-discuss > > NOTE: Participating in this list means you agree to the DMARC Note Well > terms (http://www.dmarc.org/note_well.html) _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
