On 01/30/2014 10:38 PM, Mike Jones wrote:
> [The] thing about spoofing is that one never knows when one will become a victim. We often see domains that go periods of time without a spoofing issue and then are hit hard on one day.
I'd like to reinforce this point from experience as a domain owner. At a major financial institution, we put SPF "-all" and DMARC "p=reject" records on some domains that had been retired several years earlier. These domains seldom saw more than 1,000 messages per month - again, none from or authorized by the owning organization - but they were prominent names you would recognize, and this seemed like a prudent precaution.
Sure enough, one holiday weekend somebody tried to send over 1.75 million messages using one of these domains. While we surely weren't receiving reports from every domain receiving the spoofed messages, from the receivers that did report - including Microsoft, AOL, Google, and Yahoo - over 99.5% of those messages never reached an inbox. And I can tell you, we did not see blocking rates that high from similar domains where we had not put DMARC policies in place, no matter how lame the fraudulent messages were.
--Steve.
