DMARC
Question asked by Robbie Wright - September 5, 2014 at 2:20 PM
Unanswered
So we have the box checked to turn dmarc on for incoming mail. I'm curious what it is doing in the background though as I didn't see any documentation on it. If the sending domain has dmarc set to quarantine for example, does SM dump it to junk? If they are set to reject, how do we know about it, since presumably, it wouldn't hit the spam filters? Or maybe it does hit the spam filters. Anyone have an example of a log entry of dmarc rejecting or quarantining an item?

7 Replies

Reply to Thread
0
Bruce Barnes Replied
Send a message to mailtest@unlocktheinbox.com and it will tell you if you are fully DMARC compliant.
 
May have already told you this, but my document, at: Why Am I Having Problems Getting My E-Mail Delivered?  It contains a lot of DMARC, and other important information to help you become compliant.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Thanks for the reply Bruce. I'm intimately familiar with dmarc and how to set it up. I'm after exactly how SM handles dmarc on incoming domains. A check box that says "Enable DMARC policy compliance check" doesn't really say exactly what it is doing. Does it actually quarantine dmarc failures if that's what the sender's domain says? Does it put it in the virus quarantine folder or does it sit in the spool? Are dmarc rejections listed in the logs?
1
And your document on deliver is awesome, btw.
0
Bruce Barnes Replied
No.  Check www.dmarc.org.  While controversial, the SENDER determines what happens when DMARC is checked.  It's only quarantined if that's the sender's policy.
 
I believe that SmarterMail now notes DMARC policy application - without specifics, in the SMTP logs, but only if they are set to detailed.
Bruce Barnes
ChicagoNetTech Inc
brucecnt@comcast.net

Phonr: (773) 491-9019
Phone: (224) 444-0169

E-Mail and DNS Security Specialist
Network Security Specialist

Customer Service Portal: https://portal.chicagonettech.com
Website: https://www.ChicagoNetTech.com
Security Blog: http://networkbastion.blogspot.com/

Web and E-Mail Hosting, E-Mail Security and Consulting
0
Bruce, I under that the sender and their dmarc record dictate how handle failures. I'll double check our smtp logs for dmarc notes. My question is about how SM handles the difference between quarantine and reject.
0
Eric Tykwinski Replied
Apologies about bringing up this old post, but it's on topic.
I'm finally starting to setup DMARC on some test domains, and figuring things out.
So I've got the following policy setup:
_dmarc.virtcolo.com.    3600    IN      TXT     "v=DMARC1; p=reject; rua=mailto:postmaster@virtcolo.com; ruf=mailto:postmaster@virtcolo.com; fo=s; adkim=s; aspf=s; rf=afrf; sp=reject"
 
SPF and DKIM are fine.
virtcolo.com.           3600    IN      TXT     "v=spf1 a mx ~all"
postfix._domainkey.virtcolo.com.  ....
 
Emailing from my server works fine, but manually telneting into SmarterMail and sending an email to my work address isn't being rejected as I would expect.  Is this a bug on SM?
Running Enterprise v15.0.5976
 
0
Robbie Wright Replied
Not 100% sure, but that record looks pretty complicated. I also wouldn't set it to reject out of the gate. Set it to none first and make sure you know what is not matched. Then tweak it up to quarantine and finally reject.

Reply to Thread