In article <85393a12-a51f-6722-4171-118919fcc...@mtcc.com> you write: >The real problem with large enterprise that we found, however, is that >it was really hard to track down every 25 year >old 386 sitting in dusty corners that was sending mail directly instead >of through corpro servers to make certain >that everything was signed that should be signed. Maybe that's gotten >better in the last 15 years, but I'm not too hopeful.
No kidding. That's why you publish a DMARC policy record that says don't treat my mail any differently, but please send me summary reports about it. This lets you see where mail with your From: domain is coming from, to track down all those dusty servers. Once you've found them all, then you can decide whether publishing a policy is likely make things better or worse. You'll also find a whole lot of Chinese botnets that send out spam with random return addresses including yours, but they're not hard to tell apart. R's, John