I have got my SPF, DKIM & DMARC records correctly setup and I have started using a DMARC analysis service.
One thing I have noticed is the volume failures. For example, in the last 3 days I have had 16,000 without correct SPF & DKIM.
I am confidant that my legitimate email is being received.
My questions are:
Should I be concerned or take any action due the volume of spam being sent from my domain?
Is this level of spam normal and is having SPF, DKIM & DMARC enough to resolve the issue?
This level of spam is unfortunately common: I get on a some small spam-collecting test system sometimes 15.000 spam mails a day from just a single IP address.
Having SPF, DKIM and DMARC records help against misuse of your own domain as the spoofed sender of spam. But they require that SPF and DMARC first implement a hard blocking policy and that the major number of recipients actually checks for such records and blocks spoofed mails so that it gets too expensive for the spammer. Currently this is not the case.
Checking incoming mail with SPF, DKIM and DMARC on your mail server helps to reduce the volume of spam you pass through to the internal recipients. DNS based real time blacklists are also very good in fighting spam as is Greylisting. And there are various commercial providers which help you in reducing the amount of spam you get.
And of course you should not be a source of spam yourself, i.e. make sure that none of your systems is part of a spam sending botnet and that your mail server is not an open relay which accepts mail from outside and forwards these to other external addresses.
