Hi Jonathan, > After further research, I think this is because failure reports aren't > actually generated for p=none, i.e., they're only generated for p=reject.
There is no such linkage. I see failure reports for domains that publish "p=none" all the time. However (unfortunately) I don't get them from from all DMARC-enabled receivers. Just as DMARC senders choose whether to deploy SPF, DKIM, or both, receivers decide individually whether or not to send failure reports. When you find somebody at a large mailbox provider who doesn't send them, who's willing and/or able to talk about it, the driver is usually liability concerns around whether or not you can send failure reports without running afoul of data/personal privacy laws in some or many jurisdictions where they operate. Speaking only for the small domains I operate, Hotmail appears to be the larges US-based mailbox provider sending failure reports - I received one from them just last week. Internationally, I'd say it's NetEase of China (notably 126.com and 163.com). However many small domain operators using the OpenDMARC milter seem to enable failure reports. > Unfortunately, the information we're getting from the aggregate > reports that various domains are sending us is not always sufficient > for us to figure out DMARC failures. Are you seeing failures for messages sent by servers you operate or authorize? Or is it more a question of identifying the various sources you don't already know about and figuring out why messages using your domain(s) are coming from them? I'm sure you can deal with the aggregate reports from a parsing perspective, but perhaps you could use some assistance with the interpretation of the data? There are a number of services listed on the resources pages at DMARC.org (link below). Most often I hear about folks starting with the free tier that dmarcian.com offers, but anybody on that list could provide assistance. >From comments in the reports, and from databases the report processors maintain, you can often get a clearer picture of traffic that's going through known forwarders or mailing list operators. (Such traffic might be expected to have authentication failures for assorted reasons you're probably already aware of.) --Steve. Products and Services: https://dmarc.org/resources/products-and-services/ _______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
