[dmarc-discuss] policy overrides and 'what-if'
Franck Martin
fmartin at linkedin.com
Wed Apr 4 14:47:51 PDT 2012
If I'm not mistaken in the report DKIM:pass really means DKIM passed and
is aligned, same for SPF.
On 4/4/12 14:46 , "Rolf E. Sonneveld" <R.E.Sonneveld at sonnection.nl> wrote:
>Hi, Maarten,
>
>On 4/4/12 1:51 PM, Maarten Oelering wrote:
>> I also wanted to see which messages would fail DMARC if the policy
>>would be changed from "none" to "reject".
>>
>> For that I added a DMARC result to my Ruby based report parser. The
>>result is simulated based on information in the report. It looks like
>>this:
>>
>> def dmarc_result(from_domain, spf_result, spf_domain, dkim_result,
>>dkim_domain)
>> ((spf_result == 'pass'&& aligned(spf_domain, from_domain)) ||
>> (dkim_result == 'pass'&& aligned(dkim_domain, from_domain))) ?
>>"pass" : "reject"
>> end
>>
>> My experience is that the DMARC result is a really good predictor of
>>whether the email was valid or not.
>
>can you give a definition of 'valid or not'?
>
>And what percentage deviation do you see (assuming alignment is OK)? I.e.:
>
>DKIM not OK, SPF not OK, policy enforced, mail was from a phished
>domain: x %
>DKIM not OK, SPF not OK, policy enforced, mail was NOT from a phished
>domain: y %
>
>Is x near 100 and y near 0? Do you have any figures about these
>percentages?
>
More information about the dmarc-discuss
mailing list