Greetings SmarterTools Staff! I have the same question as Michael. What happens when we "Enable DMARC policy compliance check"?

I haven't heard back to the post in more than a year. It left me the impression that dmarc was a little half baked at least in v15

Maybe DMARC is handled better in upcoming 17.x?

Michael,

TBH I haven't paid much attention to how well it specifically works in SM anymore as we disabled it a long time ago (shortly after the feature was initially released) as it caused far more trouble than it was worth. The general SM Admin consensus seems to have been to leave it disabled ever since.

In theory, the DMARC policy conformance check should query to see if there is a DMARC policy for a domain, then it would check SPF & DKIM and if either fails do according to the DMARC policy if one exists (the options being "none", "quarantine", or "reject"). Even if the SM implementation works flawlessly there is going to be an issue with any email that is sent from a forwarder, resulting in hundreds of bounces for each forwarding address that forwards to an account on your server. I also seem to recall that at the time UPS didn't have their SPF Records aligned properly and since they had a "reject" DMARC policy it resulted in all of their emails were being rejected...which the majority of our users run mom-and-pop ecommerce sites and are dependent upon their UPS emails...and since UPS didn't seem intent on fixing it by updating their SPF record over the course of 6+ months we just disabled it. AMEX, PayPal, and a few other important domains had similar issues.

It's one of those things that is a great idea. but In practice, however, it can be a huge mess. It's not like Spammers use DMARC policy and all it does is prevent Spoofing, which if you score SPF and DKIM hard-fails high enough it accomplishes the same thing with far less headache.

Now that V17 (100) is in full swing. I wonder if Smarter Tools brass can comment more now? Can we get some background or KB article on how exactly Smarter Mail enforces DMARC policy?

*bump*

Can we get some background or KB article on how exactly Smarter Mail enforces DMARC policy?

For example: does the SM server regularly reply to domains "ruf" or "rua" email addresses with reports? From what "from" address does the SM server send these notices to the addresses listed in the DNS (postmaster or ?) ?

Some more background on DMARC would be nice. DMARC seems to be catching on and I feel we should start to be compliant for inbound message processing.

HELLOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!  Is there anybody out there? S.M.A.R.T.E.R.T.O.O.L.S......... Are you receiving? Over.

Ben, how can we learn more or see this within official documentation?

Michael,

I've passed this along to the documentation team so that they can work on adding some more thorough documentation on how SmarterMail works with DMARC.

Woot! Almost 2 years, but we finally got an answer!

(I notice my post requesting a response to this got removed though.)

Hi, Ben, thanks for your reply... When can we expect to have the new documentation on this topic?

Jorge

Ben, how can we learn more or see this within official documentation?

Michael,

I passed this along to the documentation team; however, I don't believe the updated documentation has been published yet.

Ben, updating the documentation may be a process, but surely we can get an answer here in the forums by leadership... right?

For some time now we've been trying to understand how Smarter Mail enforces DMARC policy. Getting the answer has been painful.

For example: 

DMARC is clearly becoming more and more important. Many of us want to be compliant, but it's not clear how Smarter Mail handles DMARC enforcement and notification. Forget the documentation for the time being, maybe we can simply get some feedback here?

Hi Michael,

I've often looked for evidence that SM sends DMARC reports but haven't found even one shred, if you have a DMARC policy on your domain, as I do, I'd be happy to do some testing with you. We may end up creating a problem thread instead of requesting documentation updates.

Steve

Thanks Steve. We suspected the same which is why we asked the question. DMARC support seems minimal at the moment (which is too bad). It would just be great to get some feedback from development on this. Some transparency if possible.

DMARC = Dont Make Anyone (at SmarterTools) Remark & Consider (your questions).

It's all about MAPI and that is the only thing that matters to them these days.

I would also be interested to know how smartermail handle sending DMARC reports

DMARC is three different things:   (1) Enforcing sender's policy, (2) Collecting data and sending reports to senders that request reports, and (3) Receiving and analyzing reports about your own domain.   Item 3 has nothing to do with email reception, so it is out of scope for Smartermail.   Item 1 is useful even without item 2.   If there is no configuration and no documentation for DMARC reports, I would assume that item 2 is not implemented.

However, the DMARC policy in SM has no visible exception mechanism.  It seems unlikely to me that all DMARC-enabled senders will have their act together, so I am not likely to enable the feature.  If someone has figured out how to implement exceptions effectively, it would be interesting to hear your experience.

SmarterTools team can you shed some light on this regarding the processing of inbound messages?

We'd like to know if the SmarterMail server replies to domains "ruf" or "rua" email addresses with reports per the sending domain's DNS DMARC record?

Also...

From what "from" address does the SM server send these notices to the RUF / RUA addresses listed in the DNS (postmaster or ?)

What do the SM server reports look like and can they be customized?

SM does not do either type of report.   Creating a reporting system will require an external database, a task scheduler, and a lot of new code to populate the database and extract results. 

Based on data from more knowledgeable people, RUF reporting is rare.  Privacy concerns abound and volumes may be untenable.  As a result, it is usually limited to parties under specific contract with each other.