EmailDiscussions.com  

Old 31 Jan 2018, 02:15 AM   #1
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
Understanding DMARC

I dabbled with this a while ago, but really didn't understand what was happening.

I've decided to have another go (not with my main domain yet!) to try and get a better understanding.

What I would like to do is create a DMARC record so that any e-mail that wasn't sent by myself generates a daily report. I don't really want to receive a daily report about every e-mail that I send myself.

Presumably this is where "quarantine" comes into the mix.

Could anyone with DMARC experience please explain, preferably in layman's terms, how I could do this?

Old 31 Jan 2018, 03:54 AM   #2
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
I have DMARC set up for my personal domain. Here is what you need to do (assuming your domain was example.com):
  • Set up a SPF record for your domain and only send from servers allowed by that record.
  • Set up a DMARC record for your domain and only send through outgoing servers which properly sign your messages.
  • Add a TXT record for your domain with the name _dmarc.example.com and contents similar to:
    Code:
    v=DMARC1; p=quarantine; rua=mailto:postmaster@example.com; ruf=mailto:postmaster@example.com
  • The policy (p=) can be “none”, “quarantine”, or “reject”. I tried all three, and was brave enough to start using p=reject a few months ago. So far it seems to be working well.
  • “rua” are aggregate reports. “ruf” are failure reports. See FAQ here:
    https://dmarc.org/wiki/FAQ
Bill
Old 31 Jan 2018, 04:08 AM   #3
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
Thanks, Bill!

My record currently:
v=DMARC1; p=none; rua=mailto:dmarc@mydomain.com

I understand that record just monitors but does nothing else, that's OK.

But what I want is reports ONLY for a failure - that is e-mails NOT sent by myself.

So the "ruf" in your example is for reporting errors.

If I just want to hear about errors do I remove the "rua" bit, replace with "ruf" and change the "none" to "quarantine"?
Old 31 Jan 2018, 04:47 AM   #4
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
Just changed my test DMARC record:

v=DMARC1; p=quarantine; rua=mailto:dmarc-rua@mydomain.com; ruf=mailto:dmarc-ruf@mydomain.com

I've created a different alias for each report, so that with filters set up in my e-mail account, I can see what rua and ruf reports get generated, etc.

Just need then to understand what the reports are telling me!
Old 31 Jan 2018, 12:27 PM   #5
n5bb
Intergalactic Postmaster
 
Join Date: May 2004
Location: Irving, Texas
Posts: 8,917
I use a free dmarcian account:
https://dmarcian.com/plan-free/
That website has many tools for helping you set up DMARC and checking how your DMARC, SPF, and DKIM settings are working. I’m only testing my single personal domain (low volume), so the free tool works fine for me. I use a Fastmail rule to forward the DMARC XML reports coming in from various email services to the special dmarcian address set up for my account. You can also specify that special dmarcian account address in the “rua” field of the DMARC DNS record.

Bill
Old 31 Jan 2018, 02:59 PM   #6
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
Thanks for that link and information, Bill.

A quick look at their terms indicates even the free service requires your credit card information at subscription, which is something I prefer not to do.

For now, I'll just monitor myself how and if it works for me.
Old 2 Feb 2018, 08:33 PM   #7
FredOnline
The "e" in e-mail
 
Join Date: Apr 2011
Location: Manchester UK
Posts: 2,616
Quote:
Originally Posted by n5bb View Post
I use a free dmarcian account:
https://dmarcian.com/plan-free/
That website has many tools for helping you set up DMARC and checking how your DMARC, SPF, and DKIM settings are working. I’m only testing my single personal domain (low volume), so the free tool works fine for me. I use a Fastmail rule to forward the DMARC XML reports coming in from various email services to the special dmarcian address set up for my account. You can also specify that special dmarcian account address in the “rua” field of the DMARC DNS record.
Just found this on the dmarcian website:

XML to Human Converter

Tried this out to read my reports and it works OK.

And so far, they haven't asked for my credit card information!
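
Added example, not part of any post in this thread: the aggregate (rua) reports discussed above are XML files in the RFC 7489 layout that summarise all mail a receiver saw for the domain, so one way to see only the failures is to filter each report locally. This Python sketch assumes the report attachment has already been decompressed to text; the function name `dmarc_failures` and the sample report are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the RFC 7489 aggregate-report layout; every value is made up.
SAMPLE_REPORT = """<feedback>
  <report_metadata><org_name>receiver.example</org_name></report_metadata>
  <policy_published><domain>example.com</domain><p>quarantine</p></policy_published>
  <record>
    <row><source_ip>192.0.2.10</source_ip><count>12</count>
      <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>198.51.100.7</source_ip><count>3</count>
      <policy_evaluated><disposition>quarantine</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
  <record>
    <row><source_ip>203.0.113.5</source_ip><count>2</count>
      <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>pass</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
  </record>
</feedback>"""


def dmarc_failures(xml_text):
    """Return only the rows where DMARC failed (neither DKIM nor SPF passed)."""
    # Reports arrive by e-mail from arbitrary senders and never need a DTD,
    # so refuse one outright instead of letting the parser expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in a DMARC report")
    root = ET.fromstring(xml_text)
    reporter = root.findtext("report_metadata/org_name", default="unknown")
    failures = []
    for rec in root.iter("record"):
        ev = rec.find("row/policy_evaluated")
        if ev is None:
            continue  # malformed record: skip rather than guess
        dkim = (ev.findtext("dkim") or "").strip().lower()
        spf = (ev.findtext("spf") or "").strip().lower()
        if "pass" in (dkim, spf):
            continue  # DMARC passes when either aligned mechanism passes
        failures.append({"reporter": reporter, "header_from": rec.findtext("identifiers/header_from"),
                         "source_ip": rec.findtext("row/source_ip"),
                         "count": int(rec.findtext("row/count") or 0),
                         "disposition": ev.findtext("disposition")})
    return failures

if __name__ == "__main__":
    for row in dmarc_failures(SAMPLE_REPORT):
        print(row)
```

The third sample record (DKIM fail, SPF pass) is deliberately left out of the result: it still passes DMARC, which is typical of mail relayed through a forwarder or a service that does not sign with the domain's key.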
All times are GMT +9.