Re: [dmarc-discuss] [Newbie warning] Both spf and dkim?

2015-08-12 Thread Paul Rock via dmarc-discuss
Hi there Carlos - The main reason people say you should have both is that many customers do things completely legitimately (like mail forwarding) that break SPF. Any of those messages that lack DKIM will automatically fail DMARC, and customers will wonder what the heck happened to their mail,

Re: [dmarc-discuss] Mail delivery failed: returning message to sender

2015-07-09 Thread Paul Rock via dmarc-discuss
While I can't speak for everyone, in theory yes, they could impact your reputation if those are a significant % of your traffic to us. Of course, if they are a significant % of your traffic, you're probably not sending much mail to us in the first place, so... *shrug*. However, I would make the

Re: [dmarc-discuss] Deliverability of DMARC reports

2016-09-13 Thread Paul Rock via dmarc-discuss
At AOL we see this as well, and for now we're treating it as "they're still figuring this DMARC thing out". If it's someone we have a regular relationship with and it's not a blip, we'll reach out and ask what's up. If it appears to be a serious issue - a domain getting heavily abused for example

Re: [dmarc-discuss] A bit quiet?

2016-09-26 Thread Paul Rock via dmarc-discuss
I'll second what Franck has said - Once we we figured out all of the 3rd parties we needed to talk to, virtually everyone was happy to work with us to find a solution. The biggest problem we've had, by far, was internals who couldn't be bothered to figure out how mail works, and then suddenly

Re: [dmarc-discuss] DMARC where mail is never sent

2016-09-30 Thread Paul Rock via dmarc-discuss
this parked domain. > > > > --Terry > > > > *From:* dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] *On Behalf > Of *Paul Rock via dmarc-discuss > *Sent:* Friday, September 30, 2016 7:22 AM > *To:* mi...@basejp.com > *Cc:* dmarc-discuss <dmarc-discuss@

Re: [dmarc-discuss] DMARC where mail is never sent

2016-09-30 Thread Paul Rock via dmarc-discuss
Yes, mainly for brand/domain protection. We see spammers co-opt domains all the time that are widely recognized but not normally used for mail. I've told people in the past to do this for domains that they own that should never send mail, especially lookalike or spoof domains that you own for

Re: [dmarc-discuss] Beware of the size limit in DMARC URIs

2016-10-13 Thread Paul Rock via dmarc-discuss
Sorry for not saying so earlier, but we're looking into the multiple to thing. We'll roll out a fix asap. On Thu, Oct 13, 2016 at 3:30 AM, Alessandro Vesely via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > On Wed 12/Oct/2016 21:38:45 +0200 Juri Haberland via dmarc-discuss wrote: > >> On

Re: [dmarc-discuss] FBL via DMARC?

2016-11-30 Thread Paul Rock via dmarc-discuss
At AOL we're doing this with a confirmation popup in clients we control and then sending a unsubscribe mail on behalf of the user when we find unsubscribe mailto links, and I know that some 3rd party clients also have started to implement unsubscribe logic (iOS 10 does so for example). I also know

Re: [dmarc-discuss] How to block fake forwarders?

2017-10-12 Thread Paul Rock via dmarc-discuss
This is a pretty common practice for domains that people own for brand protection as well - a0l.com has a -all SPF, p=reject DMARC policy, and no MX. On Thu, Oct 12, 2017 at 1:22 AM, Pete Holzmann via dmarc-discuss < dmarc-discuss@dmarc.org> wrote: > Awesome! Thank you SO much :) > > On 12 Oct

Re: [dmarc-discuss] General DMARC weakness - personal forwarding

2018-05-21 Thread Paul Rock via dmarc-discuss
1) Yes, via two methods - The first is mailbox aggregation (why setup forwarding when I can just read the mailbox for you?) which is currently supported by a number of email providers. The second is via Authenticated Received Chain (ARC - see http://arc-spec.org/). Also currently supported by a