Re: [dmarc-discuss] DMARC where mail is never sent

2016-10-03 Thread Povl Hessellund Pedersen via dmarc-discuss
I have DMARC reporting on my personal mail domain, using dmarcian's free service 
for low volume accounts.
I see way more spam in Asia using my domain than I send legal mail. 

I have up to around 100 fake mails sent a day based on reporting alone. Right 
now I have p=quarantine. Will change to reject. But if the recipient does not 
filter according to DMARC it does not help much.


-Original message-
From: dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] On behalf of John 
Levine via dmarc-discuss
Sent: 30 September 2016 18:07
To: dmarc-discuss@dmarc.org
Cc: s...@andreasschulze.de
Subject: Re: [dmarc-discuss] DMARC where mail is never sent

>> Does it make sense to publish a DMARC record to signal that a host 
>> should never send email? Can said record be published without an 
>> accompanying DKIM record?
>
>See
>http://www.m3aawg.org/documents/en/m3aawg-protecting-parked-domains-best-common-practices

Quite right.  While you're at it, assuming the domain doesn't receive mail 
either, also publish a null MX.

R's,
John
___
dmarc-discuss mailing list
dmarc-discuss@dmarc.org
http://www.dmarc.org/mailman/listinfo/dmarc-discuss

NOTE: Participating in this list means you agree to the DMARC Note Well terms 
(http://www.dmarc.org/note_well.html)



Re: [dmarc-discuss] DMARC where mail is never sent

2016-09-30 Thread Paul Rock via dmarc-discuss
We're mainly interested in the data for anti-phishing purposes - If they're
trying to phish us, they're likely trying to phish others too.

On Fri, Sep 30, 2016 at 12:35 PM, Terry Zink via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:

> Could this be simplified further:
>
> a01.com IN TXT "v=spf1 -all"
> _dmarc.a01.com IN TXT "v=DMARC1\; p=reject"
>
> If the domain never sends email, I don’t particularly care to receive
> reports. I guess the argument is that it may be interesting to see who is
> sending email as this parked domain.
>
> --Terry
>
> *From:* dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] *On Behalf
> Of *Paul Rock via dmarc-discuss
> *Sent:* Friday, September 30, 2016 7:22 AM
> *To:* mi...@basejp.com
> *Cc:* dmarc-discuss <dmarc-discuss@dmarc.org>
> *Subject:* Re: [dmarc-discuss] DMARC where mail is never sent
>
> Yes, mainly for brand/domain protection. We see spammers co-opt domains
> all the time that are widely recognized but not normally used for mail.
> I've told people in the past to do this for domains that they own that
> should never send mail, especially lookalike or spoof domains that you own
> for brand protection. See a0l.com for example:
>
> a0l.com. 3578 IN TXT "v=spf1 -all"
> _dmarc.a0l.com. 3559 IN TXT "v=DMARC1\; p=reject\; fo=1\;
> rua=mailto:a...@rua.agari.com\; ruf=mailto:a...@ruf.agari.com;
>
>
>
>
>
> On Fri, Sep 30, 2016 at 9:55 AM, Mitchell Kuch via dmarc-discuss <
> dmarc-discuss@dmarc.org> wrote:
>
> Hello -
>
> Does it make sense to publish a DMARC record to signal that a host
> should never send email? Can said record be published without an
> accompanying DKIM record?
>
>  Thanks,
>  - - Mitchell
>
>
> v=spf1 -all
> v=DMARC1; p=reject; rua=mailto:mailreports@test.example;
> ruf=mailto:mailreports@test.example; fo=0; adkim=s; aspf=s; pct=100;
> rf=afrf; ri=1; sp=reject
>
>
>
>
>
> --
>
>
> *PAUL ROCK *
> *Principal Software Engineer | AOL Mail *P: 703-265-5734 | C: 703-980-8380
> AIM: paulsrock
> 22070 Broderick Dr.| Dulles, VA | 20166-9305
>
>



-- 
PAUL ROCK
Principal Software Engineer | AOL Mail
P: 703-265-5734 | C: 703-980-8380
AIM: paulsrock
22070 Broderick Dr.| Dulles, VA | 20166-9305

Re: [dmarc-discuss] DMARC where mail is never sent

2016-09-30 Thread Terry Zink via dmarc-discuss
Could this be simplified further:

a01.com IN TXT "v=spf1 -all"
_dmarc.a01.com IN TXT "v=DMARC1\; p=reject"

If the domain never sends email, I don’t particularly care to receive reports. 
I guess the argument is that it may be interesting to see who is sending email 
as this parked domain.

--Terry

From: dmarc-discuss [mailto:dmarc-discuss-boun...@dmarc.org] On Behalf Of Paul 
Rock via dmarc-discuss
Sent: Friday, September 30, 2016 7:22 AM
To: mi...@basejp.com
Cc: dmarc-discuss <dmarc-discuss@dmarc.org>
Subject: Re: [dmarc-discuss] DMARC where mail is never sent

Yes, mainly for brand/domain protection. We see spammers co-opt domains all the 
time that are widely recognized but not normally used for mail. I've told 
people in the past to do this for domains that they own that should never send 
mail, especially lookalike or spoof domains that you own for brand protection. 
See a0l.com for example:

a0l.com. 3578 IN TXT "v=spf1 -all"
_dmarc.a0l.com. 3559 IN TXT "v=DMARC1\; p=reject\; fo=1\; 
rua=mailto:a...@rua.agari.com\; ruf=mailto:a...@ruf.agari.com"


On Fri, Sep 30, 2016 at 9:55 AM, Mitchell Kuch via dmarc-discuss 
<dmarc-discuss@dmarc.org> wrote:
Hello -

Does it make sense to publish a DMARC record to signal that a host
should never send email? Can said record be published without an
accompanying DKIM record?

 Thanks,
 - - Mitchell


v=spf1 -all
v=DMARC1; p=reject; rua=mailto:mailreports@test.example;
ruf=mailto:mailreports@test.example; fo=0; adkim=s; aspf=s; pct=100;
rf=afrf; ri=1; sp=reject



--
PAUL ROCK
Principal Software Engineer | AOL Mail
P: 703-265-5734 | C: 703-980-8380
AIM: paulsrock
22070 Broderick Dr.| Dulles, VA | 20166-9305

Re: [dmarc-discuss] DMARC where mail is never sent

2016-09-30 Thread John Levine via dmarc-discuss
>> Does it make sense to publish a DMARC record to signal that a host
>> should never send email? Can said record be published without an
>> accompanying DKIM record?
>
>See  
>http://www.m3aawg.org/documents/en/m3aawg-protecting-parked-domains-best-common-practices

Quite right.  While you're at it, assuming the domain doesn't receive mail 
either,
also publish a null MX.

R's,
John


Re: [dmarc-discuss] DMARC where mail is never sent

2016-09-30 Thread A. Schulze via dmarc-discuss


Mitchell Kuch via dmarc-discuss:


> Does it make sense to publish a DMARC record to signal that a host
> should never send email? Can said record be published without an
> accompanying DKIM record?


See  
http://www.m3aawg.org/documents/en/m3aawg-protecting-parked-domains-best-common-practices


Andreas




Re: [dmarc-discuss] DMARC where mail is never sent

2016-09-30 Thread Paul Rock via dmarc-discuss
Yes, mainly for brand/domain protection. We see spammers co-opt domains all
the time that are widely recognized but not normally used for mail. I've
told people in the past to do this for domains that they own that should
never send mail, especially lookalike or spoof domains that you own for
brand protection. See a0l.com for example:

a0l.com. 3578 IN TXT "v=spf1 -all"
_dmarc.a0l.com. 3559 IN TXT "v=DMARC1\; p=reject\;
fo=1\; rua=mailto:a...@rua.agari.com\; ruf=mailto:a...@ruf.agari.com;


On Fri, Sep 30, 2016 at 9:55 AM, Mitchell Kuch via dmarc-discuss <
dmarc-discuss@dmarc.org> wrote:

> Hello -
>
> Does it make sense to publish a DMARC record to signal that a host
> should never send email? Can said record be published without an
> accompanying DKIM record?
>
>  Thanks,
>  - - Mitchell
>
>
> v=spf1 -all
> v=DMARC1; p=reject; rua=mailto:mailreports@test.example;
> ruf=mailto:mailreports@test.example; fo=0; adkim=s; aspf=s; pct=100;
> rf=afrf; ri=1; sp=reject
>



-- 
PAUL ROCK
Principal Software Engineer | AOL Mail
P: 703-265-5734 | C: 703-980-8380
AIM: paulsrock
22070 Broderick Dr.| Dulles, VA | 20166-9305
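
An added example (not code from any poster in this thread): an offline check that a never-sending domain publishes the records discussed in the messages above, SPF `v=spf1 -all`, DMARC `p=reject` and a null MX, including the `\;` escaping seen in the dig-style output. The domain `parked.example`, the sample zone and the function names are assumptions made for illustration.

```python
import re

# Constructed zone data for a hypothetical non-sending domain (not from the thread).
SAMPLE_ZONE = r'''
parked.example.        3600 IN TXT "v=spf1 -all"
_dmarc.parked.example. 3600 IN TXT "v=DMARC1\; p=reject"
parked.example.        3600 IN MX  0 .
'''

RR = re.compile(r'^(\S+)\s+(?:\d+\s+)?IN\s+(TXT|MX)\s+(.+)$', re.I)

def parse_zone(text):
    """Return {(owner, type): [rdata, ...]} from dig/zone-file style lines."""
    records = {}
    for line in text.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue
        owner, rtype, rdata = m.group(1).rstrip('.').lower(), m.group(2).upper(), m.group(3)
        if rtype == 'TXT':
            # Join the quoted character-strings, then undo presentation escapes such as \;
            quoted = ''.join(re.findall(r'"((?:[^"\\]|\\.)*)"', rdata))
            rdata = re.sub(r'\\(.)', r'\1', quoted)
        records.setdefault((owner, rtype), []).append(' '.join(rdata.split()))
    return records

def dmarc_tags(record):
    """Split a DMARC record into a {tag: value} dict."""
    pairs = (p.split('=', 1) for p in record.split(';') if '=' in p)
    return {k.strip().lower(): v.strip() for k, v in pairs}

def audit_parked_domain(zone_text, domain):
    """List the gaps that leave a never-sending domain open to spoofing."""
    rr, gaps = parse_zone(zone_text), []
    spf = [t for t in rr.get((domain, 'TXT'), []) if t.lower().startswith('v=spf1')]
    if len(spf) != 1 or spf[0].lower().split() != ['v=spf1', '-all']:
        gaps.append('SPF is not exactly "v=spf1 -all"')
    dmarc = [t for t in rr.get(('_dmarc.' + domain, 'TXT'), []) if t.startswith('v=DMARC1')]
    tags = dmarc_tags(dmarc[0]) if len(dmarc) == 1 else {}
    if tags.get('p') != 'reject':
        gaps.append('DMARC policy is not p=reject')
    if tags.get('sp', 'reject') != 'reject':
        gaps.append('DMARC sp= weakens the policy for subdomains')
    if rr.get((domain, 'MX'), []) != ['0 .']:
        gaps.append('no null MX ("0 .", RFC 7505)')
    return gaps
```

An empty list from `audit_parked_domain(SAMPLE_ZONE, 'parked.example')` means all three records are in place; reporting addresses (`rua`/`ruf`) are optional and are not checked.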