Am 17.10.24 um 19:42 schrieb L. Mark Stone via mailop:
Back in May at the InboxExpo conference in Atlanta, I was told by a consultant to very large senders that they advise customers to set their DMARC to "p=quarantine" because they had been observing that Microsoft's processing of some emails was causing DKIM failures - in as much as 30% of their customers' email campaigns traffic.
I wouldn't advise on anything more than p=quarantine, too. Mail users use all kinds of weird forwarding and mangling mechanisms, and that quickly breaks SPF *and* DKIM, which means DMARC isn't appropriate for those users unless the forwarders play nicely (which they could anyway by not breaking DKIM at the beginning). However, we don not have a say in what they do (we can't even contact them as DMARC reports are statistical in nature, not individual) so the only thing we can do to mitigate the breakage caused by others is to advertise a relatively lenient policy.
In any case, spammers aren't dumb, and they can set up perfectly valid SPF and DKIM for their domains conveniently hidden behind domain registrars and hosters who would rather bite and swallow their tongue than disclose who their customers are. DMARC as a spam reduction mechanism is not really working. It can be used to detect some forged mails though, with limited success due to the high number of false positives. Many fraudulent attacks such as phishing or advance fee fraud work by exploiting layer 8 security deficiencies while having proper DKIM&SPF, which you can't easily fix with technology.
I'm (on-and-off) working on a reputation-based P2P system which could possibly enable the quick distribution of information about fraudulent sender addresses, compromised mail and web hosts and those under control by criminals, etc. But I'm well aware that to be useful, you need to have some critical mass which I'll most likely not get (especially as long as the software isn't usable outside of my little world).
Cheers, Hans-Martin _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
