troubleshooting Question

DMARC reports are suddenly showing an enormous increase of spoofed/threat email.

Avatar of space_time
space_timeFlag for United Kingdom of Great Britain and Northern Ireland asked on
Email ServersAntiSpamEmail Protocols
10 Comments1 Solution215 ViewsLast Modified:
We have dmarc implemented and I usually collect and review the reports weekly. About 3 weeks ago, the number of threat reports massively jumped and remains alarmingly high. Looking at a 2 month period: October-November, 7k emails passed dmarc, 70k have been reported as threats. This all looks like someone external has tried to use my domain and is failing the spf and dkim checks and I am getting the reports about it. I expect dmarc is working as it should but the volume of emails and the sudden increase around 3 weeks ago is what has got be concerned. Unfortunately I have had no reports from humans in that time of fake email coming from my domain. I do not even know the content of the emails or the recipients. All I know from dmarc is that they exist. My dmarc policy is set to quarantine rather than reject so conceivably people are still seeing the emails. I would appreciate any advice from the email experts here.
ASKER CERTIFIED SOLUTION
skullnobrains

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 10 Comments.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 10 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros