Re: [dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-28 Thread Al Iverson via dmarc-discuss
Carl, this is great to hear. Thanks for sharing with us. Best regards, Al Iverson -- Al Iverson www.aliverson.com (312)725-0130 On Fri, Nov 25, 2016 at 4:36 AM, Carl Windsor via dmarc-discuss wrote: >>I would suggest a note saying that Fortinet's implementation is

Re: [dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-28 Thread Petr Novák via dmarc-discuss
Well just so you know, I reported this bug to FortiNet almost a year ago 2015-12-09. That was when FortiMail got the DMARC implementation(firmware 5.3.0). Since that time we contacted their support, which gave us the answer I posted. So we tried to change it by contacting local Fortinet's

Re: [dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-28 Thread Roland Turner via dmarc-discuss
ia dmarc-discuss <dmarc-discuss@dmarc.org> Sent: Friday, 25 November 2016 17:57 To: dmarc-discuss@dmarc.org Subject: Re: [dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation   Well if it wasn't by design then how do you explain this reply from your support t

Re: [dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-25 Thread Petr Novák via dmarc-discuss
Well if it wasn't by design then how do you explain this reply from your support team. quote: "I've got feedback from engineering on this. The current behavior is by design, the action for DMARC check failure is driven by the action next to the DMARC check (action-dmarc) no matter the DMARC

[dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-25 Thread Carl Windsor via dmarc-discuss
>I would suggest a note saying that Fortinet's implementation is >known to be fatally buggy. Hi DMARC Group, I am the Product Manager @ Fortinet for FortiMail and can confirm that this was not by design but a bug. As of 5.3 interim build 625 we respect the p=none directive and this will be

Re: [dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-14 Thread John Levine via dmarc-discuss
>p= none is not just because people don't care. What he said. p=none lets you collect reports and decide what to do. In my case, the reports have told me that for all but one of the domains I manage*, nobody is forging them enough to be worth further DMARC pain. I would suggest a note saying

Re: [dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-14 Thread Phil Stracchino via dmarc-discuss
On 11/14/16 14:53, Scott Kitterman via dmarc-discuss wrote: > It's also essentially impossible if you make non-trivial use of > mailing lists. Even though I've has SPF -all records for over a > decade and encourage people to reject mail purporting to be from my > domains that fail SPF, I am no

[dmarc-discuss] Getting to reject, was :Re: FortiNet’s FortiMail DMARC implementation

2016-11-14 Thread Scott Kitterman via dmarc-discuss
On November 14, 2016 2:42:42 PM EST, Terry Zink via dmarc-discuss wrote: >> Well, DMARC addresses one particular vector - we still need to find >more effective ways >> to address cousin domains, display name abuse, etc. > >I didn't mean cousin domains, I mean domains