Difference between revisions of "DMARC record"
(→DKIM - Domain Key Identified Mail) |
(→SPF - Sender Policy Framework) |
||
Line 8: | Line 8: | ||
SPF allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific DNS SPF record in the public DNS. | SPF allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific DNS SPF record in the public DNS. | ||
− | Mail Exchanger (MX records) then uses the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's | + | Mail Exchanger (MX records) then uses the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's administrator. |
+ | |||
+ | You set up SPF in your domain name at the DNS server. Create a TXT entry in the DNS records of your domain. | ||
+ | |||
+ | "v=spf1 a include:_spf.crap.com ip4:123.45.67.8 -all" | ||
== DKIM - Domain Key Identified Mail == | == DKIM - Domain Key Identified Mail == |
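Review bot: the example record on the last added line uses a routable address (123.45.67.8) and is given with no explanation of its terms; consider a documentation address such as 192.0.2.1 and one sentence saying that a, include: and ip4: list the permitted senders and that -all tells receivers to fail mail from any other host. The reworded sentence above it also still reads "Mail Exchanger (MX records) then uses the DNS", which names the record type rather than the receiving server that performs the check.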
Revision as of 14:43, 31 May 2016
DMARC is a system that adds some rules for DKIM and SPF, so remote servers have a better idea of what you intend for messages that fail those two systems.
DMARC requires both SPF and DKIM to be present in order to work.
SPF - Sender Policy Framework
Anything that contains the word "framework" is typically crap. Here's more crap we're stuck with.
SPF allows administrators to specify which hosts are allowed to send email from a given domain by creating a specific DNS SPF record in the public DNS.
A mail exchanger (the host named in the MX records) then uses the DNS to check that mail from a given domain is being sent by a host sanctioned by that domain's administrator.
You set up SPF for your domain at its DNS server: create a TXT entry in the DNS records of your domain.
"v=spf1 a include:_spf.crap.com ip4:123.45.67.8 -all"
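How a receiving server would evaluate the record above, as an added example that is not part of the original wiki page. DNS is replaced by constructed lookup tables; the domain example.test, the contents of _spf.crap.com and the A record address are assumptions, and only the mechanisms this record uses (a, include, ip4, all) are handled.

```python
import ipaddress

# Result returned when a mechanism carrying this qualifier matches.
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# Constructed zone data: the page's record on a hypothetical domain, plus
# made-up contents for the included record and the domain's A record.
TXT = {
    "example.test": '"v=spf1 a include:_spf.crap.com ip4:123.45.67.8 -all"',
    "_spf.crap.com": "v=spf1 ip4:198.51.100.0/24 ~all",
}
A_RECORDS = {"example.test": ["192.0.2.10"]}

def parse_spf(record):
    """Split an SPF TXT value into (qualifier, mechanism, argument) terms."""
    terms = record.strip('"').split()
    if not terms or terms[0].lower() != "v=spf1":
        raise ValueError("not an SPF version 1 record")
    parsed = []
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        parsed.append((qualifier, name.lower(), arg))
    return parsed

def check_spf(sender_ip, domain, txt, a_records, depth=0):
    """Evaluate sender_ip against domain's SPF record; first match wins."""
    if depth > 10:  # simplified guard against include loops
        return "permerror"
    record = txt.get(domain)
    if record is None:
        return "none"
    ip = ipaddress.ip_address(sender_ip)
    for qualifier, name, arg in parse_spf(record):
        if name == "all":
            matched = True
        elif name == "ip4":
            matched = ip in ipaddress.ip_network(arg, strict=False)
        elif name == "a":
            matched = str(ip) in a_records.get(arg or domain, [])
        elif name == "include":
            # include matches only if the included record itself gives pass
            matched = check_spf(sender_ip, arg, txt, a_records, depth + 1) == "pass"
        else:
            continue  # other mechanisms and modifiers are outside this example
        if matched:
            return QUALIFIERS[qualifier]
    return "neutral"  # no mechanism matched and there was no "all"
```

A sender outside every listed source reaches `-all` and gets `fail`; the included record's own `~all` does not leak into the outer result, because `include` only matches on `pass`.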
DKIM - Domain Key Identified Mail
DKIM uses a key pair, consisting of a public key and a private key. Again more confusing and overly complicated crap!
One key, the "Private Key", is kept safe by the email author. The other key, a "Public Key" permits anyone to verify that a signature made with the corresponding Private Key is valid. DKIM uses DNS to publish the Public Keys, so that any party that wants to validate a signature can easily find the public key.
On your mail server, outbound messages need to pass through a filter that generates the corresponding signature and stores it in an email header.
DMARC - Domain-based Message Authentication, Reporting and Conformance
A DMARC policy allows a sender to indicate that its emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes.
references
To add a DMARC record, go to your domain's DNS Management,