On Jun 13, 2014, at 7:18 AM, "Stephen J. Turnbull" <[email protected]> wrote: > In any case, now I wonder what they're really trying to do. They can > check for "p=reject" without sending *any* mail.
That's not an integration test. It's all automated. The answer you want is, "Can I make money now?" This is how you get the answer. The DMARC record is only part of the story, whether recipients act on it or not is just as important. The source code for spamming tools isn't hard to find, or to read. There are tutorials. It's a competitive market. Every single AS technology we've written over the years to block an exploit sees constant, low-traffic probing continue indefinitely. It works. > The way I see it, the attackers are doing this as a business. And not a small one. J _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
