Murray, here is some data: (I only receive IP4 data and my tool did not check AAAA)
Sample size: 3643 messages from 780 unique From domains 611 domains (78%) passed validation using DMARC criteria (DMARC policies were not checked) 599 of 611 (98%) DMARC-verified domains also had MX or A records 12 DMARC-verified domains did not have MX or A records. Of these 12: - 8 had NS records and were judged legitimate, - 2 lacked NS records but were judged legitimate - 2 were judged spam but had NS records. 145 of 169 (86%) of non-verified domains had MX or A records, Of the 24 without MX or A records, 23 were spam and 1 was legitimate For 20 of the 24 , SPF on the From address returned NXDomain and were obvious spam without checking NS All of the remaining 4 domains had NS records One surprise for me: NS lookup on email3.reachmd.com returns NXDomain, but NS lookup on sg.email3.reachmd.com returns NS data. I thought that the existence of a subdomain would be sufficient for a domain to return NS data. Summary: - MX/A produced 11 false positives - NS lookup produced only 3 false positives - For messages that originate with DMARC-compliance, false positives only matter if the message path causes the DMARC-validation to be lost. - The reachmd.com situation suggests that neither lookup can prevent all false positives. Doug Foster
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
