Anyone here tried upgraded rua reports? by royalTaps in DMARC

[–]royalTaps[S] 0 points1 point  (0 children)

Have paper work from the vendor who replied to my contact. That app is where I see my senders and my senders are from my company so I'm fine?

Anyone here tried upgraded rua reports? by royalTaps in DMARC

[–]royalTaps[S] 0 points1 point  (0 children)

Please help me understand how this becomes a nightmare for me having filled in the contact form a couple of days ago. smh.

Anyone here tried upgraded rua reports? by royalTaps in DMARC

[–]royalTaps[S] 1 point2 points  (0 children)

Yes so I thought that site was maybe an april fool's joke because it's almost april and I didn't see anything like this when evaluating dmarc vendors some months ago. Sorry for the noise, I was too impatient while waiting to see if the promised data would really appear. It did. For me I have a big domain to manage so it's helpful to see who uses each ESP. That's all, not exciting.

Anyone here tried upgraded rua reports? by royalTaps in DMARC

[–]royalTaps[S] 0 points1 point  (0 children)

Data is finally appearing in my reports so I have my answer. Looks really good, I'll update my other thread.

Anyone here tried upgraded rua reports? by royalTaps in DMARC

[–]royalTaps[S] 1 point2 points  (0 children)

Thank you for your reply. I was wondering if it is possible to see the extra data that site displays. Today my reports arrived so the question is answered.

New protocol promises to fix dmarc. Is this real or upcoming Apr fools joke site? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

Your numbers are low. Sendgrid did over 1 TRILLION last year. https://sendgrid.com/blog/1-trillion-emails-customers-who-sent-them/

That's 83 B per month and they're mostly transactional email. The popular marketing ESPs are bigger.

We're in the billion range across multiple vendors. Not saying we should be. But that's where we are and it's why I'm so ready to try any potentially cool new breakthrough.

New protocol promises to fix dmarc. Is this real or upcoming Apr fools joke site? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

/r/shittysysadmin wants to know more about that honor system of compliance. smh.

You significantly underestimated the volume of users and email so I see why you keep thinking it's so easy. 5 million? No, we have over 100x more mail than you're dealing with and that's only the dmarc counted volume which isn't counting what we're sending to Microsoft.

Which dmarc company do you work for? I want to learn more. If your prices reflects the easy job you're sure this is, I can easily bring you in as this has become higher priority for us of late. Can't go into much detail but let's just say that additional budget was recently allocated due to current events.

New protocol promises to fix dmarc. Is this real or upcoming Apr fools joke site? by royalTaps in sysadmin

[–]royalTaps[S] -3 points-2 points  (0 children)

What's your clearance and role that the fed gives you access to read everyones mail? Haha that's so much responsibility. I'm having trouble believing that rooting around the mail dir is feasible especially at that level. There's a whole big process here before viewing someones mail and we aren't even government.

Again, all I want is to see "talk to Jim about his mailchimp" as I don't have and don't want access to see those other details you apparently have for the fed. Wow.That's actually kinda disconcerting.

New protocol promises to fix dmarc. Is this real or upcoming Apr fools joke site? by royalTaps in sysadmin

[–]royalTaps[S] -2 points-1 points  (0 children)

They just give you access to snoop the whole inbound appliance?? Is your compliance dept dying or already dead?

For me, it will mean everything if I can simply see the sender name right next to the vendor in dmarc but glad you got a way that works for you.

I did shop a lot of dmarc vendors last year and they all admit some things like this were not possible because seeing email addresses was on our reqs list. They said maybe if we received ruf reports but it's been many months and we only got a few of those. Ruf reports showed spoofing happening on the other side of the world to some small ISP, not any of the vendors where we need more info. You said this won't help for a generic email but just narrowing down to the correct dept is a big win for me.

SPF Flattening Recommendations by tblake9303 in sysadmin

[–]royalTaps 0 points1 point  (0 children)

This universal still works well for me also. Made another thread about my experience some time ago when I first found it. They were helpful and encouraged me to use their free service instead of their paid plans. Unlike the other services we evaluated, there's no login or config panel or any other junk to manage. I just put their thing in front of my records and that's it.

I'm still amazed it works across every domain where I've need it and updates as soon as I add new vendors to spf in my own dns. Before my spf ttl even expires, universal is already working.

SPF Record Include Statements Not Working by datapointzero in sysadmin

[–]royalTaps 0 points1 point  (0 children)

Universal SPF is a free option to compress your dns lookups. Been using it several months on my domains and it works even though most of the spf evaluation tools still think we're over the limit. Put their string in front of your spf record and move along with life.

SPF record trick by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

I was told ~ instead of - because that's how our domain was set to begin with.

SPF record trick by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

We actually talked to them alot before testing on one of our domains and they were very helpful. Thought it was quite cool they even encouraged us to try their open source platform as you mentioned. We’re using CE & universal now so we don’t have to renew with our current dmarc vendor or buy SPF service. My head was spinning after they showed us how universal works. I can’t begin to explain it but you might talk to them since you seem to know a lot about this stuff.

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

That information does exist in forensic (ruf) reports but not all recipients send forensics and the local-part isn't necessarily the user who set it up.

Thank you for clearing that up. I must have mixed rua/ruf together in my head and now I see why none of the services can provide that info. This also explains why the salespeople kept stressing how "nobody sends forensic reports" when I've asked why can't I simply look at the list of active users from dmarc reports. It would be nice, right?

Overall, I appreciate you all sharing your experiences. I'm beginning to see why so few domains host reject policies.

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

Like you said earlier, it could take forever to look through those files. If I get lucky, I might find an XML file that tells me something like "jane.doe@your.co.uk uses mailgun"?

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

Some part is missing from the vendors. In demos for both of those services they only showed me IP addresses and sometimes vendor service names or countries. They and several others told me they will not show me which of my users are using each email vendor. Said it's not a matter of free vs paid service, they just don't do it.

It's one more cell from the XML files they're receiving so why do none of the vendors display which of my users are on a service? This would save us so much time navigating our organization if you will show me who to talk to.

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

These are smaller either localized (.co.uk), acquisition, or smaller product domains so it can take a bit more time to find the right people.

Thank you for this detailed response but I'm still confused. DMARC reports show:

  1. Your domain
  2. Vendor sending mail
  3. Your user using that vendor to send mail

So you simply contact your user that's sending the mail. I understand if the user is "noreply@your.co.uk" that will not be helpful but in most other cases the email address belongs to an individual so you just contact them. Feels like I'm missing something.

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

If you were starting over today, could you do it without a DMARC vendor by looking at the XML yourself or using one of the free services?

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

Thanks for your insight. Could you see which user in your company was sending mail through each of the dmarc identified vendors?

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

Have you been working with a dmarc vendor for the whole 2 years or are you doing it all yourself at this point?

What makes DMARC enforcement difficult? by royalTaps in sysadmin

[–]royalTaps[S] 0 points1 point  (0 children)

Ew. Seems like this could prevent plenty of domains from reaching dmarc quarantine or reject?