Outlook.com Tests the DMARC Waters

A colleague of mine pointed out last night that Outlook.com changed its DNS record from publishing no DMARC policy to publishing a record specifying “p=none; pct=100”.

In DMARC, “p=none” is used to collect feedback and gain visibility into email streams without impacting existing flows.

Earlier this spring, both Aol and Yahoo began publishing “p=reject; pct=100” on some or all of their domains’ DMARC records, causing lots of mail to be rejected at all domains that participate in DMARC – and not just spam. The change caused mail lists to break and inflicted serious deliverability damage on small businesses who’ve relied on Aol or Yahoo for their business needs for years.

Outlook.com hasn’t made any public announcements about when or if they will publish a reject record, but I take yesterday’s change as a clear sign that they’re thinking about it.

2 thoughts on “Outlook.com Tests the DMARC Waters

  1. I was the one responsible for making that change (i.e., suggesting it and getting others to agree) to the DMARC record for outlook.com.

    I agree that publishing a DMARC policy of p=none is frequently a step towards moving to p=quarantine or p=reject. However, this move was not specifically meant for that.

    Instead, outlook.com is moving to consolidate its SPF record as it merges with Office 365. This move is used to determine which IPs are actively used to send email that passes SPF with the goal of removing IP ranges that are not actually used. DMARC is a great tool for doing that.

    But, thanks for noticing!

    Liked by 1 person

  2. Hi Terry,

    Thanks so much for dropping by and for the clarification.

    As long as I have your ear regarding authentication, I wanted to let you know that all the nested include statements for those SPF records occasionally cause issues for mutual clients hosting with Microsoft properties. The forced number of look-ups will frequently exceed the number of prescribed by the SPF spec, and authentication fails.

    But I expect this is one of the items you are looking at during the consolidation process.

    All the best,
    Andrew.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s