A colleague of mine pointed out last night that Outlook.com changed its DNS record from publishing no DMARC policy to publishing a record specifying “p=none; pct=100”.
In DMARC, “p=none” is used to collect feedback and gain visibility into email streams without impacting existing flows.
Earlier this spring, both Aol and Yahoo began publishing “p=reject; pct=100” on some or all of their domains’ DMARC records, causing lots of mail to be rejected at all domains that participate in DMARC – and not just spam. The change caused mailing lists to break and inflicted serious deliverability damage on small businesses that have relied on Aol or Yahoo for their business needs for years.
Outlook.com hasn’t made any public announcements about when or if they will publish a reject record, but I take yesterday’s change as a clear sign that they’re thinking about it.
I was the one responsible for making that change (i.e., suggesting it and getting others to agree) to the DMARC record for outlook.com.
I agree that publishing a DMARC policy of p=none is frequently a step towards moving to p=quarantine or p=reject. However, this move was not specifically meant for that.
Instead, outlook.com is moving to consolidate its SPF record as it merges with Office 365. This move is used to determine which IPs are actively used to send email that passes SPF with the goal of removing IP ranges that are not actually used. DMARC is a great tool for doing that.
But, thanks for noticing!
Thanks so much for dropping by and for the clarification.
As long as I have your ear regarding authentication, I wanted to let you know that all the nested include statements for those SPF records occasionally cause issues for mutual clients hosting with Microsoft properties. The forced number of look-ups will frequently exceed the number prescribed by the SPF spec, and authentication fails.
But I expect this is one of the items you are looking at during the consolidation process.
All the best,
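
Added example, not part of the post or its comments: a check for the nested-include problem raised in the last comment. It walks a chain of SPF records and counts the DNS-querying terms against the limit of 10 set by RFC 7208 (section 4.6.4). The domains and records in `SAMPLE_ZONE` are constructed for illustration, and the count is the worst case, where no mechanism matches early.

```python
import re

LOOKUP_LIMIT = 10  # RFC 7208 section 4.6.4: max DNS-querying terms per SPF check
QUERYING = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed zone data (hypothetical domains): name -> published SPF TXT record.
SAMPLE_ZONE = {
    "client.example": "v=spf1 include:spf.hosting.example include:mail.vendor.example mx -all",
    "spf.hosting.example": "v=spf1 include:spf-a.hosting.example "
                           "include:spf-b.hosting.example include:spf-c.hosting.example -all",
    "spf-a.hosting.example": "v=spf1 ip4:192.0.2.0/24 include:legacy.hosting.example -all",
    "spf-b.hosting.example": "v=spf1 ip4:198.51.100.0/24 a -all",
    "spf-c.hosting.example": "v=spf1 ip6:2001:db8::/32 include:legacy.hosting.example -all",
    "legacy.hosting.example": "v=spf1 ip4:203.0.113.0/24 exists:%{i}.bl.hosting.example -all",
    "mail.vendor.example": "v=spf1 a mx include:relay.vendor.example ~all",
    "relay.vendor.example": "v=spf1 ip4:192.0.2.128/25 ~all",
    "flat.example": "v=spf1 ip4:192.0.2.0/24 include:relay.vendor.example -all",
}

def count_lookups(domain, zone, path=()):
    """Worst-case number of DNS-querying terms evaluated for domain's SPF record."""
    if domain in path:
        raise ValueError(f"SPF include loop via {domain}")
    record = zone.get(domain, "")
    if not record.lower().startswith("v=spf1"):
        raise LookupError(f"no SPF record for {domain}")
    total = 0
    for term in record.split()[1:]:
        # Drop the qualifier (+ - ~ ?), then split "name:arg" or "name=arg".
        m = re.match(r"([a-z0-9]+)[:=]?(.*)", term.lstrip("+-~?").lower())
        if not m or m.group(1) not in QUERYING:
            continue  # ip4, ip6, all, exp=... cost no lookup
        total += 1
        if m.group(1) in ("include", "redirect"):
            # Nested records are charged against the same budget.
            total += count_lookups(m.group(2), zone, path + (domain,))
    return total

def exceeds_limit(domain, zone):
    """True when a receiver following RFC 7208 would return permerror."""
    return count_lookups(domain, zone) > LOOKUP_LIMIT

if __name__ == "__main__":
    for name in ("client.example", "flat.example"):
        n = count_lookups(name, SAMPLE_ZONE)
        print(f"{name}: {n} lookups, over limit: {n > LOOKUP_LIMIT}")
```

To audit a live domain, replace the dictionary lookup with a TXT query from a DNS library.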