1 (edited by saquib.akhtar 2019-03-12 03:08:02)

Topic: DMARC record

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release):  0.9.9
- Deployed with iRedMail Easy or the downloadable installer? No
- Linux/BSD distribution name and version:  CentOS 7.6
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  PGSQL v9.2
- Web server (Apache or Nginx): Nginx
- Manage mail accounts with iRedAdmin-Pro? Yes, 3.2
====

I want to create a DMARC record. What steps need to be followed?


2

Re: DMARC record

Try to understand it first: https://dmarc.org
The website has a detailed introduction and sample DNS records.

Since you already have SPF and DKIM, a quick DMARC record should be:

v=DMARC1; p=reject; sp=none; rua=mailto:you@your-domain.com

You will receive reports from recipient servers which have DMARC software running (e.g. OpenDMARC).

3

Re: DMARC record

ZhangHuangbin wrote:

Try to understand it first: https://dmarc.org
The website has a detailed introduction and sample DNS records.

Since you already have SPF and DKIM, a quick DMARC record should be:

v=DMARC1; p=reject; sp=none; rua=mailto:you@your-domain.com

You will receive reports from recipient servers which have DMARC software running (e.g. OpenDMARC).


I have created a DMARC record on the DNS server, but when querying from external DNS tools, it says no DMARC found.
I have set the value of p=none to get reports initially.

4

Re: DMARC record

saquib.akhtar wrote:
ZhangHuangbin wrote:

Try to understand it first: https://dmarc.org
The website has a detailed introduction and sample DNS records.

Since you already have SPF and DKIM, a quick DMARC record should be:

v=DMARC1; p=reject; sp=none; rua=mailto:you@your-domain.com

You will receive reports from recipient servers which have DMARC software running (e.g. OpenDMARC).


I have created a DMARC record on the DNS server, but when querying from external DNS tools, it says no DMARC found.
I have set the value of p=none to get reports initially.


What should be done in this case?

5

Re: DMARC record

DNS query still doesn't return anything? You need to contact your DNS service provider.

6

Re: DMARC record

ZhangHuangbin wrote:

DNS query still doesn't return anything? You need to contact your DNS service provider.

Now DNS is returning properly.

Which is the best DMARC policy that can be implemented?

7

Re: DMARC record

saquib.akhtar wrote:

Which is the best DMARC policy that can be implemented?

There's no "BEST" policy for everyone, you need to decide which one is the best for you.

If you allow users/applications to send out email from your server and no other servers, it's best to use 'p=reject' in the DMARC DNS record, so that other mail servers can safely reject (forged) emails which have "@<your-domain>" as sender address.

For example:

v=DMARC1; p=reject; sp=none; rua=mailto:someone@mydomain.com
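
An added example, not part of the posts above and not iRedMail code: an offline check of the two records discussed in this thread. It shows the `_dmarc.<domain>` name the TXT record must be published under and the policy receivers apply to the domain and to its subdomains (with `sp=none`, subdomains stay at `none` even when `p=reject`). The function names are hypothetical and the tag rules follow RFC 7489.

```python
# Added example: offline DMARC record check (tag rules per RFC 7489).
POLICIES = {"none", "quarantine", "reject"}

def dmarc_name(domain):
    """DNS name whose TXT record receivers query for the policy."""
    return "_dmarc." + domain.strip(".").lower()

def parse_dmarc(txt):
    """Return the record's tags as a dict; raise ValueError if it is invalid."""
    pairs = []
    for part in txt.split(";"):
        if not part.strip():
            continue  # tolerate a trailing ';'
        key, sep, value = part.partition("=")
        if not sep:
            raise ValueError(f"malformed tag: {part.strip()!r}")
        pairs.append((key.strip().lower(), value.strip()))
    if not pairs or pairs[0] != ("v", "DMARC1"):
        raise ValueError("record must begin with v=DMARC1")
    tags = dict(pairs)
    if tags.get("p", "").lower() not in POLICIES:
        raise ValueError("p= must be none, quarantine or reject")
    if "sp" in tags and tags["sp"].lower() not in POLICIES:
        raise ValueError("sp= must be none, quarantine or reject")
    pct = tags.get("pct", "100")
    if not (pct.isdigit() and int(pct) <= 100):
        raise ValueError("pct= must be an integer from 0 to 100")
    # Only the mailto: scheme is defined for report URIs in RFC 7489.
    for uri in tags.get("rua", "").split(","):
        if uri.strip() and not uri.strip().lower().startswith("mailto:"):
            raise ValueError(f"unsupported rua URI: {uri.strip()!r}")
    return tags

def effective_policy(tags, subdomain=False):
    """Policy receivers apply; sp= overrides p= for subdomains when present."""
    if subdomain and "sp" in tags:
        return tags["sp"].lower()
    return tags["p"].lower()

if __name__ == "__main__":
    # First record is the one posted in the thread; the second is constructed
    # to match the p=none monitoring setup the poster describes.
    for record in ("v=DMARC1; p=reject; sp=none; rua=mailto:you@your-domain.com",
                   "v=DMARC1; p=none; rua=mailto:you@your-domain.com"):
        tags = parse_dmarc(record)
        print(dmarc_name("your-domain.com"), effective_policy(tags),
              effective_policy(tags, subdomain=True))
```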

8

Re: DMARC record

Okay.