Re: [dmarc-discuss] Correct counting of DNS lookups for SPF record containing MX mechanism

2021-05-21 Thread Brandon Long via dmarc-discuss
On Wed, May 19, 2021 at 1:08 PM John Levine via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > It appears that Alexander NAZARIAN via dmarc-discuss < > alexander.nazar...@gmail.com> said: > >So I want to understand whether having MX placed in the beginning of SPF > >record can cause a quicker

Re: [dmarc-discuss] Thoughts for new value 'p=nomail'

2020-08-31 Thread Brandon Long via dmarc-discuss
On Mon, Aug 31, 2020 at 11:23 AM John Levine via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > In article aoy9o3mw4-uoyo9dh_c3ulpmwnb...@mail.gmail.com> you write: > >With some of my recent DMARC reports for my domains I've seen comments > >about overriding

Re: [dmarc-discuss] Ranked domains that advertise RUA addresses and then bounce aggregate reports sent to them

2020-04-16 Thread Brandon Long via dmarc-discuss
We still see some rate limiting rejections on our RUA address, though a very low percentage. Seems most sites generate their reports on likely "midnight" boundaries, so the result is definitely similar to a very sharp but not long lasting DDOS. It's large enough that it skips right to the perm

Re: [dmarc-discuss] PolicyPublished, was PolicyOverride in Reporting

2020-02-03 Thread Brandon Long via dmarc-discuss
8200 |1 | 123-reg.co.uk | > >> | 14400 | 15 | a1mailserver.com| > >> | 21600 |4 | iijmio-mail.jp | > >> | 43200 |1 | f00f.org | > >> | 44200 |1 | freecycle.org | >

Re: [dmarc-discuss] PolicyPublished, was PolicyOverride in Reporting

2020-01-31 Thread Brandon Long via dmarc-discuss
+-+--+-+ > 17 rows in set (0.11 sec) > > > [†] zaggregate is the name of my reporting program. > http://www.tana.it/sw/zdkimfilter/zaggregate.html > > [‡] http://bit.ly/dmarc-rpt-schema > > > > On Wed 29/Jan/2020 12:18:20 +0

Re: [dmarc-discuss] PolicyOverride in Reporting

2020-01-28 Thread Brandon Long via dmarc-discuss
Isn't the override in the RowType? So you can just have multiple RecordTypes, each with different RowTypes? Ultimately, it seems like the report is a bunch of fields with a count, and so the composition is to make sure that the set of rows is a "unique" key. Theoretically you should log even the

Re: [dmarc-discuss] Fwd: Re: Help

2018-09-26 Thread Brandon Long via dmarc-discuss
On Wed, Sep 26, 2018 at 2:22 PM Lawrence Finch via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > > > On Sep 26, 2018, at 5:11 PM, Brandon Long wrote: > > Wait, folks are on this list who don't know the basics? > > Ie: > List-Unsubscribe: , >

Re: [dmarc-discuss] Fwd: Re: Help

2018-09-26 Thread Brandon Long via dmarc-discuss
Wait, folks are on this list who don't know the basics? Ie: List-Unsubscribe: , on every message? Also, the link in the footer, http://www.dmarc.org/mailman/listinfo/dmarc-discuss, has a section that is the same on all mailman lists: To

Re: [dmarc-discuss] Help

2018-09-26 Thread Brandon Long via dmarc-discuss
Use a null mx instead. https://tools.ietf.org/html/rfc7505 On Wed, Sep 26, 2018, 8:43 AM Al Iverson via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Might be better to have an MX record that points to localhost, because > if you have an A record but no MX, people will just try to connect to

Re: [dmarc-discuss] MS mail servers (outlook, office365)

2018-07-13 Thread Brandon Long via dmarc-discuss
On Fri, Jul 13, 2018 at 11:20 AM John Levine via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > In article < > sc1p15201mb2608185f150e2f40a5f89fb4c3...@sc1p15201mb2608.lamp152.prod.outlook.com> > you write: > >Guys, I'm looking for the RUA coming from MS mail servers, but I just > didn't see

Re: [dmarc-discuss] General DMARC weakness - personal forwarding

2018-05-29 Thread Brandon Long via dmarc-discuss
On Tue, May 29, 2018 at 8:10 AM Alessandro Vesely via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > On Tue 29/May/2018 01:27:33 +0200 Roland Turner via dmarc-discuss wrote: > > On 28/05/18 19:26, Alessandro Vesely via dmarc-discuss wrote: > > > > For the implied question ("Why would small

Re: [dmarc-discuss] Multiple DKIM Signature Reporting in DMARC

2018-04-30 Thread Brandon Long via dmarc-discuss
Another question would be, should we add the algorithm to the dkim section to differentiate? On Sat, Apr 21, 2018 at 11:43 PM Scott Kitterman via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > On Sunday, April 22, 2018 02:12:33 PM Roland Turner via dmarc-discuss > wrote: > > On 21/04/18

Re: [dmarc-discuss] DSN from microsoftonline.com

2017-12-20 Thread Brandon Long via dmarc-discuss
On Wed, Dec 20, 2017 at 1:48 PM A. Schulze via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > > > On 20.12.2017 at 18:44, Roland Turner via dmarc-discuss wrote: > > What HELO/EHLO hostname is being presented? > > I'm out of office for the next days and have no access to that data. > From what

Re: [dmarc-discuss] DMARC authentication issues with Google

2017-12-12 Thread Brandon Long via dmarc-discuss
There are multiple services, such as Valimail or Dmarcian or whatever which can help you make that decision, though perhaps they're all a bit biased towards actually making the transition to quarantine/reject. It may be possible to switch to quarantine until the blast is contained. You do have

Re: [dmarc-discuss] What would be a guesstimate to the DMARC report count for a 65k account enterprise ?

2017-11-17 Thread Brandon Long via dmarc-discuss
ballparking my current reports, I'd say less than the 16k unique domains you're sending to, assuming you're asking about aggregate. Brandon On Fri, Nov 17, 2017 at 9:56 AM DMARC via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Any ideas how many DMARC reports would actually be sent to the

Re: [dmarc-discuss] Google not sending aggregate reports for my .US TLD

2017-10-27 Thread Brandon Long via dmarc-discuss
yeah, seems reasonable, I'll file a bug. Brandon On Fri, Oct 27, 2017 at 3:44 PM Steve Atkins via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > > > On Oct 27, 2017, at 3:15 PM, Tyler South via dmarc-discuss < > dmarc-discuss@dmarc.org> wrote: > > > > The domain in question is cssi.us > > >

Re: [dmarc-discuss] Google not sending aggregate reports for my .US TLD

2017-10-27 Thread Brandon Long via dmarc-discuss
Isn't .us usually considered a 3 level tld, like .uk and .au? And DMARC says to ignore tlds. Brandon On Fri, Oct 27, 2017 at 3:01 PM Steve Atkins via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > > > On Oct 27, 2017, at 2:08 PM, Tyler South via dmarc-discuss < > dmarc-discuss@dmarc.org>

Re: [dmarc-discuss] Report domain from google.com

2017-10-24 Thread Brandon Long via dmarc-discuss
can you be more specific about what your concern is? Brandon On Thu, Oct 19, 2017 at 3:32 PM, Sugeng Novianto via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Got non-standard e-mails from google about my domain DMARC. > > Report domain: x.com Submitter: google.com Report-ID: >

Re: [dmarc-discuss] DMARC authentication issues with Google

2017-10-05 Thread Brandon Long via dmarc-discuss
That graph is awful, especially how it's conflating those three things. My guess (I don't know much about the postmaster tools), is that SPF is only judging what has an envelope sender for your domain, DKIM is only judging what has a DKIM signature, and DMARC is judging what is "From" your

Re: [dmarc-discuss] No DMARC from Google again?

2017-08-16 Thread Brandon Long via dmarc-discuss
We're aware of the issue and investigating. On Aug 16, 2017 7:36 AM, "Randal Pinto via dmarc-discuss" < dmarc-discuss@dmarc.org> wrote: > Anyone got DMARC reports from Google? Last one I got was on 13/Aug. > Capacity problems again? > > -- > Randal Pinto > Founder & COO > +447703108205 >

Re: [dmarc-discuss] Fwd: DMARC report interpretation

2017-06-20 Thread Brandon Long via dmarc-discuss
My guess would be a google groups mailing list, which doesn't rewrite because you're only p=none. It's pretty common for domains to use mailing lists as aliases with gsuite, so sa...@foo.com would be a mailing list and do the resending. There's several less than ideal things about this in this

Re: [dmarc-discuss] Metrics on policy actions

2017-04-25 Thread Brandon Long via dmarc-discuss
Are you looking for the policy applied or the policy requested? Also, I would imagine this is heavily different depending on the receiver. Brandon On Tue, Apr 25, 2017 at 6:23 AM, Anthony Purcell via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Hi John, > > I'm looking for something

Re: [dmarc-discuss] Netscape.net?

2017-03-24 Thread Brandon Long via dmarc-discuss
Er, that's 3/23, ie yesterday. On Fri, Mar 24, 2017 at 3:39 PM, Brandon Long wrote: > From our recent logs, it looks like it was updated from p=none to p=reject > on sometime around 2/23 1p PDT ... probably because of this note. > > Brandon > > On Fri, Mar 24, 2017 at 12:52

Re: [dmarc-discuss] Netscape.net?

2017-03-24 Thread Brandon Long via dmarc-discuss
From our recent logs, it looks like it was updated from p=none to p=reject on sometime around 2/23 1p PDT ... probably because of this note. Brandon On Fri, Mar 24, 2017 at 12:52 PM, John Levine via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > In article

Re: [dmarc-discuss] A bit quiet?

2017-02-03 Thread Brandon Long via dmarc-discuss
Actually, do you have any more specifics for me to take a look? Best case would be the recipient and message-id of something that ended up in the spam label. Off list would be fine. Brandon On Fri, Feb 3, 2017 at 5:05 PM, Brandon Long wrote: > I'll take a look. > > On Thu,

Re: [dmarc-discuss] A bit quiet?

2017-02-03 Thread Brandon Long via dmarc-discuss
I'll take a look. On Thu, Feb 2, 2017 at 11:28 PM, Roland Turner < roland.tur...@trustsphere.com> wrote: > John Payne wrote: > > >> Presumably this just indicates that the rewrite rule that Brandon > described for Google Groups > >> is not in use by IETF's mailing lists? > >> > >> Tradeoffs in

Re: [dmarc-discuss] A bit quiet?

2017-01-17 Thread Brandon Long via dmarc-discuss
Someone asked a followup question here, and something else occurred to me. If you go to p=quarantine and pct=0, Google Groups will still do the rewriting, but no one should enforce the quarantine. I know this is true for our own code, but I don't know how well others handle it to know if it's a

Re: [dmarc-discuss] A bit quiet?

2016-10-28 Thread Brandon Long via dmarc-discuss
This sounds likely to be messages from your domain that were forwarded by Google apps, most likely mailing lists. If the message was authenticated inbound to the mailing list, it will be signed outbound by the domain hosting the list. If you were p=reject or quarantine, we would rewrite the

Re: [dmarc-discuss] Beware of the size limit in DMARC URIs

2016-10-13 Thread Brandon Long via dmarc-discuss
Actually, from the code, I'm surprised we handle a single address with ! correctly. I'll file a bug. Brandon On Tue, Oct 4, 2016 at 12:21 AM, Juri Haberland via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Hi, > > while writing a patch for OpenDMARC, I stumbled across problems with the >

Re: [dmarc-discuss] submission via google / dmarc fail

2016-05-09 Thread Brandon Long via dmarc-discuss
Sorry, I wasn't on dmarc-discuss for some reason, looking at the archive: A. Schulze via dmarc-discuss: > > I like to point to that open topic without any answer I hoped to get > from Google > > simple setup: > gmail user send with RFC5322.From *@googlemail.com via google using a > smartphone. >