Tell me about DMARC receiver overrides

The DMARC specification allows a receiver to selectively override a reject policy when they decide that a message should be delivered due to their local policy. Agari cannot report on specific reasons as to why a receiver makes a local policy decision, but we do report when the data indicates a local policy override was implemented. These messages may still be rejected or quarantined if further evaluation by the receiver indicates that is the appropriate action, but this is not reflected in the DMARC data Agari receives.

Reasons that a receiver might choose to override a reject policy include if they believe authentication was broken due to forwarding or mailing list expansion, or they want to further evaluate messages failing authentication from a source with an otherwise good reputation.

Changes in the ratio of Override messages: Factors could include increased/decreased allowance due to recognition of traffic traversing mailing lists, or simply a change in their own internal policy for what sets of messages they want to let in further for more in-depth scanning.

 

DMARC aggregators such as Agari do not have detailed insight into a data provider's override mechanisms beyond what is specified in the RUA data and the general thoughts presented here.

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk