Idea ID: 2872594

DMARC support for DKIM/SPF

Status: New Idea

DMARC completes security on SMTP for DKIM and SPF.

It gives the owner of the sender's domain the option to define a policy for how to handle e-mails for which verification failed for:

DKIM

SPF

Without it, the receiver has to set up his own policy rules for both, which may not match those of the owner of the sender domain.

A full configuration includes: DKIM + SPF + DMARC

Secure Messaging Gateway should support DMARC by querying the DMARC record of the sender domain to ask for the policy in cases where DKIM is failing and SPF results aren't "SPF_PASS".

A faked e-mail would be handled according to the policy of the correct owner of the domain, and the DMARC record is usually created by the correct owner of the sender domain.

  • I look forward to receiving DMARC aggregate reports from SMG systems, and hopefully no failure reports.

    If your system sends out large amounts of email, a basic DMARC record is becoming a hard requirement, even if you don't do much with the reports yet.

    A basic simple record anyone can implement to achieve one of the requirements starting 2024-02-01 (February 1st, 2024) in DNS for your domain is

       

    _dmarc TXT "v=DMARC1; p=none; rua=mailto:{emailAddress2processReports}"

    Note that the address(es) you put in there will receive lots of email (XML files) from those systems that already handle DMARC fully. Some automation is a requirement, and there are services you can direct your reports to in order to simplify the process.

    ________________________

    Andy of KonecnyConsulting.ca in Toronto
    Please use the "Like" and/or "Verified Answers" as appropriate as that helps us all.
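
The policy lookup requested in the idea, sketched as an added example (not part of the original posts and not Secure Messaging Gateway code): it parses a DMARC TXT record such as the one in the comment above and decides how a message is handled from the SPF and DKIM results. All function names are hypothetical, the records and report address are constructed, and the DNS query for `_dmarc.<domain>` is left out. Assumptions: the `sp` and `pct` tags are ignored, and the organizational domain is approximated by the last two labels instead of a Public Suffix List lookup.

```python
VALID_POLICIES = {"none", "quarantine", "reject"}

# Constructed sample records (the report address is a placeholder)
RECORD_MONITOR = "v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com"
RECORD_REJECT = "v=DMARC1; p=reject; adkim=s"

def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a usable DMARC1 record."""
    pairs = []
    for part in txt.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    # RFC 7489: "v=DMARC1" must be the first tag of the record
    if not pairs or pairs[0] != ("v", "DMARC1"):
        return None
    tags = dict(pairs)
    tags["p"] = tags.get("p", "").lower()
    # Simplification: a missing or invalid p makes the record unusable here
    return tags if tags["p"] in VALID_POLICIES else None

def org_domain(domain):
    """Naive organizational domain (last two labels); assumption, wrong for e.g. co.uk."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict mode ("s") needs an exact match; relaxed ("r") compares organizational domains."""
    a, f = auth_domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == f if mode.lower() == "s" else org_domain(a) == org_domain(f)

def dmarc_disposition(record_txt, from_domain, spf, dkim):
    """spf and dkim are (result, authenticated_domain) tuples from the earlier checks."""
    rec = parse_dmarc(record_txt)
    if rec is None:
        return "no-policy"  # no usable record: the receiver's own local rules apply
    spf_ok = spf[0] == "pass" and aligned(spf[1], from_domain, rec.get("aspf", "r"))
    dkim_ok = dkim[0] == "pass" and aligned(dkim[1], from_domain, rec.get("adkim", "r"))
    # DMARC passes if either mechanism passes with a domain aligned to the From: domain
    return "pass" if spf_ok or dkim_ok else rec["p"]

if __name__ == "__main__":
    # Spoofed mail: SPF passes for an unrelated domain, DKIM fails
    print(dmarc_disposition(RECORD_REJECT, "example.com",
                            ("pass", "bulk.example.net"), ("fail", "example.com")))
```

A passing SPF or DKIM result only counts when its domain aligns with the From: domain, which is why the spoofed message in the sample call still gets the domain owner's `reject` policy.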