SMTP – DMARC

dmarcFollowing up on the first SMTP post, this next one is probably easiest: the DMARC record. Getting it active on your domain can take a few seconds and maybe a more complicated setup a few minutes.

As simple as this mechanism is to set up, it’s always has been pretty solid against the abuse of a domain. DMARCs strength lies in collaboration: Email senders that publish DMARC policies receive feedback reports from DMARC-compliant message recipients about unauthenticated messages purporting to come from any of the sending organization’s domains.

Implementing it is in most cases very easy, when you don’t specify a complicated policy. In it’s simplest form it looks like this:

_dmarc 5 MIN TXT v=DMARC1; p=reject;

This will be enough in most cases.

Something more complicated it can look like this:

_dmarc 5 MIN TXT v=DMARC1; p=none; sp=quarantine; pct=100; rua=mailto:support@yourdomain.com;

If you DO want a policy but DON’T want to reject (not advisable) your could do with this:

_dmarc 5 MIN TXT v=DMARC1; p=none;

Complete series: Backscatter check, DMARC, SPF, DKIM with Postfix, DKIM with Postfix and rspamd, DKIM with DirectAdmin and Exim and SMTP checks.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.