From: Alex <mysqlstud...@gmail.com> >I'm just adding 1.5 points when DMARC tests fail and the policy is to >reject. Is it safe to block them completely?
I am rejecting with OpenDMARC when the sender's DMARC record has p=reject. This is what they asked for so I am doing it. I have run into on case where a sender who's primary business is to send emails setup DMARC with p=reject then used dmarcian.com to help them with their implementation. They were not DKIM signing and their SPF record was wrong. They blamed me for blocking their email saying they didn't have any other reports of this happening for any other customer. My response was to show them their own DNS setting said to reject the email so my filters were doing exactly that. This sender should be getting some fancy reports and a dashboard or something from dmarcian.com showing all of the failures but I guess they are ignoring the reports. >And why aren't DMARC tests part of the stock SA yet? Someone needs to write a DMARC plugin for SA. http://search.cpan.org/dist/Mail-DMARC/