On 8/23/2024 1:34 PM, Alex Shakhov via mailop wrote:
We are currently managing several domains that are experiencing
spoofing attacks, which led us to implement a p=reject policy.
In terms of the mechanical details, what exactly is the attack and how
is it affecting your email service?
We monitor these domains through Uriports, and while all DKIM/SPF
validations pass, exceptions arise with emails routed through security
providers such as Cloudflare, Proofpoint, Mimecast, Inky, and others.
Is the "reject" disposition simply noise that can be disregarded, with
100% of these emails still being delivered due to the application of
the ARC policy? Or do these emails fail to reach their final destination?
You do not have a service contract with receiving sites. They have no
obligation to behave as you wish. And they have their own range of
concerns and assessments. As a small example, some originators set
p=reject inappropriately. That is, the originating sites are not
configured or operated well enough to make reject that right choice.
So, yes, your DMARC 'policy' can be ignored or adjusted.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
mast:@dcrocker@mastodon.social
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
