1
DMARC
Question asked by Robbie Wright - September 5, 2014 at 2:20 PM
Unanswered
So we have the box checked to turn dmarc on for incoming mail. I'm curious what it is doing in the background though as I didn't see any documentation on it. If the sending domain has dmarc set to quarantine for example, does SM dump it to junk? If they are set to reject, how do we know about it, since presumably, it wouldn't hit the spam filters? Or maybe it does hit the spam filters. Anyone have an example of a log entry of dmarc rejecting or quarantining an item?

5 Replies

Reply to Thread
0
Bruce Barnes Replied
September 5, 2014 at 2:44 PM
Send a message to mailtest@unlocktheinbox.com and it will tell you if you are fully DMARC compliant.
 
May have already told you this, but my document, at: Why Am I Having Problems Getting My E-Mail Delivered?  It contains a lot of DMARC, and other important information to help you become compliant.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Robbie Wright Replied
September 5, 2014 at 2:52 PM
Thanks for the reply Bruce. I'm intimately familiar with dmarc and how to set it up. I'm after exactly how SM handles dmarc on incoming domains. A check box that says "Enable DMARC policy compliance check" doesn't really say exactly what it is doing. Does it actually quarantine dmarc failures if that's what the sender's domain says? Does it put it in the virus quarantine folder or does it sit in the spool? Are dmarc rejections listed in the logs?
1
Robbie Wright Replied
September 5, 2014 at 2:52 PM
And your document on deliver is awesome, btw.
0
Bruce Barnes Replied
September 5, 2014 at 2:59 PM
No.  Check www.dmarc.org.  While controversial, the SENDER determines what happens when DMARC is checked.  It's only quarantined if that's the sender's policy.
 
I believe that SmarterMail now notes DMARC policy application - without specifics, in the SMTP logs, but only if they are set to detailed.
Bruce Barnes
ChicagoNetTech Inc

Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Eric Tykwinski Replied
June 9, 2016 at 9:52 AM
Apologies about bringing up this old post, but it's on topic.
I'm finally starting to setup DMARC on some test domains, and figuring things out.
So I've got the following policy setup:
_dmarc.virtcolo.com.    3600    IN      TXT     "v=DMARC1; p=reject; rua=mailto:postmaster@virtcolo.com; ruf=mailto:postmaster@virtcolo.com; fo=s; adkim=s; aspf=s; rf=afrf; sp=reject"
 
SPF and DKIM are fine.
virtcolo.com.           3600    IN      TXT     "v=spf1 a mx ~all"
postfix._domainkey.virtcolo.com.  ....
 
Emailing from my server works fine, but manually telneting into SmarterMail and sending an email to my work address isn't being rejected as I would expect.  Is this a bug on SM?
Running Enterprise v15.0.5976
 

Reply to Thread