Enable DMARC policy compliance check (how does SM handle DMARC?)
Question asked by Michael Breines - September 25, 2017 at 10:04 AM
Answered
Can we get some background or KB article on how exactly Smarter Mail enforces DMARC policy?
 
In the Antispam Administration | Options there is the option for: "Enable DMARC policy compliance check"
 
My question is:
How does Smarter Mail enforce DMARC policy?
For example: does the SM server regularly reply to domains "ruf" or "rua" email addresses with reports? From what "from" address does the SM server send these notices to the addresses listed in the DNS?
 
Some more background on DMARC would be nice. DMARC seems to be catching on and I feel we should start to be compliant for inbound message processing. But SM documentation and help articles on the subject is very scarce.

12 Replies

Reply to Thread
1
John Ellis Replied
Greetings SmarterTools Staff! I have the same question as Michael. What happens when we "Enable DMARC policy compliance check"?
1
I haven't heard back to the post in more than a year. It left me the impression that dmarc was a little half baked at least in v15
0
Maybe DMARC is handled better in upcoming 17.x?
1
Scarab Replied
Michael,

TBH I haven't paid much attention to how well it specifically works in SM anymore as we disabled it a long time ago (shortly after the feature was initially released) as it caused far more trouble than it was worth. The general SM Admin consensus seems to have been to leave it disabled ever since.

In theory, the DMARC policy conformance check should query to see if there is a DMARC policy for a domain, then it would check SPF & DKIM and if either fails do according to the DMARC policy if one exists (the options being "none", "quarantine", or "reject"). Even if the SM implementation works flawlessly there is going to be an issue with any email that is sent from a forwarder, resulting in hundreds of bounces for each forwarding address that forwards to an account on your server. I also seem to recall that at the time UPS didn't have their SPF Records aligned properly and since they had a "reject" DMARC policy it resulted in all of their emails were being rejected...which the majority of our users run mom-and-pop ecommerce sites and are dependent upon their UPS emails...and since UPS didn't seem intent on fixing it by updating their SPF record over the course of 6+ months we just disabled it. AMEX, PayPal, and a few other important domains had similar issues.

It's one of those things that is a great idea. but In practice, however, it can be a huge mess. It's not like Spammers use DMARC policy and all it does is prevent Spoofing, which if you score SPF and DKIM hard-fails high enough it accomplishes the same thing with far less headache.
1
Michael Breines Replied
Now that V17 (100) is in full swing. I wonder if Smarter Tools brass can comment more now? Can we get some background or KB article on how exactly Smarter Mail enforces DMARC policy?
2
Michael Breines Replied
*bump*

Can we get some background or KB article on how exactly Smarter Mail enforces DMARC policy?

For example: does the SM server regularly reply to domains "ruf" or "rua" email addresses with reports? From what "from" address does the SM server send these notices to the addresses listed in the DNS (postmaster or ?) ?

Some more background on DMARC would be nice. DMARC seems to be catching on and I feel we should start to be compliant for inbound message processing.
0
Phill Healey Replied
HELLOOOOOOOOOOOOOOOOOOOOOOOOOOOOO!!!  Is there anybody out there? S.M.A.R.T.E.R.T.O.O.L.S......... Are you receiving? Over.

0
Ben Gilstrap Replied
Employee Post Marked As Answer
Michael,

SmarterMail enforces DMARC policy based upon however the DMARC record is configured.  If the ri (Reporting Interval) flag is set, it would send out reports at whatever interval is specified.  If that flag is omitted, reports default to being sent out every 24 hours.

I believe, though I'm not 100% certain, that the email address these reports would be sent from would be the system administrator email address.
Ben Gilstrap
Regional Sales Executive
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Michael Breines Replied
Ben, how can we learn more or see this within official documentation?
2
Ben Gilstrap Replied
Employee Post
Michael,

I've passed this along to the documentation team so that they can work on adding some more thorough documentation on how SmarterMail works with DMARC.
Ben Gilstrap
Regional Sales Executive
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Phill Healey Replied
Woot! Almost 2 years, but we finally got an answer!

(I notice my post requesting a response to this got removed though.)
2
Jorge EG Replied
Hi, Ben, thanks for your reply... When can we expect to have the new documentation on this topic?

Jorge

Reply to Thread