1 (edited by saquib.akhtar 2019-03-12 03:08:02)

Topic: DMARC record

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  0.9.9
- Deployed with iRedMail Easy or the downloadable installer? No
- Linux/BSD distribution name and version:  CentOS 7.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  PGSQL v9.2
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes, 3.2
====

I want to create DMARC record. What are the steps need to be followed?

2

Re: DMARC record

Try to understand it first: https://dmarc.org
The website has detailed introduction, and sample DNS records.

Since you already have SPF and DKIM, a quick DMARC record should be:

v=DMARC1; p=reject; sp=none; rua=mailto:you@your-domain.com

You will receive report from recipient servers which have DMARC software running (e.g. OpenDMARC).

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

3

Re: DMARC record

ZhangHuangbin wrote:

Try to understand it first: https://dmarc.org
The website has detailed introduction, and sample DNS records.

Since you already have SPF and DKIM, a quick DMARC record should be:

v=DMARC1; p=reject; sp=none; rua=mailto:you@your-domain.com

You will receive report from recipient servers which have DMARC software running (e.g. OpenDMARC).


I have created DMARC record on the DNS server, but when querying from external DNS tools, it says no DMARC found.
I have set the value of p=none for initially getting reports.

4

Re: DMARC record

saquib.akhtar wrote:
ZhangHuangbin wrote:

Try to understand it first: https://dmarc.org
The website has detailed introduction, and sample DNS records.

Since you already have SPF and DKIM, a quick DMARC record should be:

v=DMARC1; p=reject; sp=none; rua=mailto:you@your-domain.com

You will receive report from recipient servers which have DMARC software running (e.g. OpenDMARC).


I have created DMARC record on the DNS server, but when querying from external DNS tools, it says no DMARC found.
I have set the value of p=none for initially getting reports.


What should be done in this case?

5

Re: DMARC record

DNS query still doesn't return anything? You need to contact your DNS service provider.

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

6

Re: DMARC record

ZhangHuangbin wrote:

DNS query still doesn't return anything? You need to contact your DNS service provider.

Now DNS returning properly.

Which is best DMARC policy that can be implemented?

7

Re: DMARC record

saquib.akhtar wrote:

Which is best DMARC policy that can be implemented?

There's no "BEST" policy for everyone, you need to decide which one is the best for you.

If you allow users/applications to send out email from your server and no other servers, it's the best to use 'p=reject' in DMARC DNS record, so that other mail servers can safely reject (forged) emails which has "@<your-domain>" as sender address.

For example:

v=DMARC1; p=reject; sp=none; rua=mailto:someone@mydomain.com

----

Does my reply help a little? How about buying me a cup of coffee ($5) as an encouragement?

buy me a cup of coffee

8

Re: DMARC record

Okay.