>Which suggests that DMARC status is pretty much orthogonal to spam detection,
>on this small sample.

DMARC has very little to do with spam detection. Its original purpose is to deter phishing of famous brands, of which paypal is the poster child. It works pretty well for that, since those organizations tend to send all of their mail from a few places they control and (other than LinkedIn, which is no great loss) the staff members who are on mailing lists use addresses in other domains.

Last year AOL and Yahoo repurposed it after they each separately allowed crooks to steal their users' address books, so AOL and Yahoo users were getting spam from the AOL and Yahoo addresses of people they knew, sent from outside AOL and Yahoo. So AOL and then Yahoo turned DMARC on, which was quite effective at stopping that particular flavor of spam, but in the process forced the costs of their security failures on everyone else.

R's,
John

PS: To the obvious question of why don't crooks phish paypal from lookalike domains, they do, but a remarkable number of them still use the exact domain. Partly that's because it's easier, partly because if the exact address gets through, it can match entries in the recipients' address books and get displayed in ways that make it look more credible.
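
The cases discussed in the message above, as an added example that is not part of the original post: a simplified DMARC alignment check showing which kinds of mail a `p=reject` policy does and does not stop. All domains, policies and scenarios are constructed, and `org_domain` assumes the organizational domain is the last two labels, where a real evaluator uses the Public Suffix List.

```python
# Added illustration: simplified DMARC identifier alignment.
# All domains, policies and scenarios below are constructed samples.

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # Real evaluators look it up via the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain):
    # Relaxed alignment (the DMARC default): organizational domains match.
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_result(from_domain, spf_pass=None, dkim_pass=None, policy=None):
    """spf_pass / dkim_pass: the domain that passed SPF (envelope sender)
    or DKIM (d= tag), or None if that check failed or was absent.
    policy: p= value published for the From: domain, None if no record."""
    if policy is None:
        return "no-policy"
    for auth in (spf_pass, dkim_pass):
        if auth is not None and aligned(from_domain, auth):
            return "pass"
    return "fail:" + policy

SCENARIOS = {
    # Brand's own mail, sent from servers it controls.
    "genuine": dict(from_domain="paypal.com", spf_pass="mail.paypal.com",
                    dkim_pass="paypal.com", policy="reject"),
    # Exact From: domain forged by a sender outside the brand.
    "exact_forgery": dict(from_domain="paypal.com",
                          spf_pass="bulk-host.example",
                          dkim_pass=None, policy="reject"),
    # Lookalike domain whose owner authenticates it correctly.
    "lookalike": dict(from_domain="paypal-billing.example",
                      spf_pass="paypal-billing.example",
                      dkim_pass="paypal-billing.example", policy="reject"),
    # List relays a subscriber's post; the list footer broke the original
    # DKIM signature and SPF now passes only for the list's own domain.
    "list_relay": dict(from_domain="yahoo.com", spf_pass="lists.example.org",
                       dkim_pass=None, policy="reject"),
}

def evaluate_samples():
    return {name: dmarc_result(**args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, result in evaluate_samples().items():
        print(f"{result:12} {name}")
```

The result depends only on whether the `From:` domain is authenticated, not on whether the content is spam: the lookalike passes, and the legitimate list post fails in the same way as the forgery.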