1

Topic: Does iredmail upholds the DMARC, DKIM, SPF policies?

==== Required information ====
- iRedMail version (check /etc/iredmail-release):
- Linux/BSD distribution name and version:
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):
- Web server (Apache or Nginx):
- Manage mail accounts with iRedAdmin-Pro?
- Related log if you're reporting an issue:
====

does it have the option to reject/drop/bounce any email that fail DMARC, DKIM, or SPF ?
does it even support DMARC ?
can it process/report DMARC ?

Please & Thanks

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Does iredmail upholds the DMARC, DKIM, SPF policies?

iRedMail has SPF and DKIM verification enabled in Amavisd by default, also supports DKIM signing. but no DMARC support.

Just personal opinion: people are inventing new tool/policy/solution to fight spam, for example, Sender ID first, then SPF, DomainKeys, DKIM, and now DMARC, and needless to say there' will be something new coming soon.

I think DKIM is good enough, people were promoting it, but the problem is no BIG ISPs force sender servers to have DKIM signature. (same to Sender ID, SPF, DomainKeys, DKIM, DMARC). Let's say if Gmail, Yahoo, Hotmail and Outlook.com decide to not accept email which doesn't have DKIM signature (OR, Sender ID, SPF, DKIM, whatever they think it's best) after Jan 1st, 2018, everything will change. we will have a better world. If ISPs still accept emails without DKIM (or ...), other mail server admins won't consider it seriously.

And i don't think DMARC is the silver bullet.

3 (edited by hifall 2018-09-17 12:14:34)

Re: Does iredmail upholds the DMARC, DKIM, SPF policies?

To support SPF on your server, you can install Python policy server for SPF checking. Similarly you can install OpenDKIM for DKIM, and OpenDMARC for DMARC.

DMARC, together with Authenticated Received Chain (ARC, http://arc-spec.org), is very effective in fighting against email domain spoofing attacks.

If you are trying to implement DMARC for your email infrastructure, you can use free tools by dmarcly (https://dmarcly.com/tools). A p=reject DMARC implementation will provide great security for your email.