Questions tagged [dmarc]
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.
67
questions
4
votes
1
answer
2k
views
Does gmail still ignore DKIM if SPF passes, DMARC style?
This blog post from 2016 shockingly implies that gmail will accept an email if either SPF or DKIM passes. We use G suite SMTP servers, therefore SPF provides almost zero protection from spoofing. Is ...
- 43
8
votes
1
answer
7k
views
Enforcing DMARC policy (reject) on an Office 365 tenant
The domain & tenant has SPF and DKIM properly configured and DMARC policy set to p=reject. Still, emails spoofed with the domain in the From header aren't rejected, but appear in the Junk Email ...
- 19.1k
1
vote
1
answer
266
views
DMARC & failing SPF
I would like to clarify the following scenario with DMARC, (assuming there is a publish DMARC policy):
SPF fails
No (aligned or any) DKIM records
Should result of DMARC check be none or fail? ...
- 113
0
votes
0
answers
45
views
Do we need SPF when we have DKIM? [duplicate]
I always thought that to authenticate email we needed both SPF and DKIM (and DMARC). But email is confusing and recently I found myself asking why we can't do with just SPF or DKIM. I then discovered ...
- 199
2
votes
2
answers
4k
views
DMARC report for mails I didn't send
I set up DKIM, DMARC and SPF on my domain/server a few years ago, and never touched it again since then.
Here are my DNS records (my domain is mydomain.com and my IP addresses are 1.1.1.1 and 2001::1)...
- 23
8
votes
3
answers
17k
views
Why is DMARC failing when SPF and DKIM are passing?
I've seen this question asked before, but unfortunately, don't understand the responses. I think its something to do with "from" headers being defined differently by different standards. I've added ...
7
votes
1
answer
7k
views
DMARC "policy_evaluated" is "fail" for SPF, even when SPF domain alignment is "relaxed"?
A DMARC aggregate report which I received reads (irrelevant pieces removed, domains changed):
<record>
<row>
<policy_evaluated>
<disposition>none</...
7
votes
2
answers
2k
views
How did a phishing email pass SPF, DKIM and DMARC?
A friend received a spoofed email (from Bank of America using an uber.com address) which was correctly identified as 'spam' by Gmail. However, looking at the raw message it seems to have passed SPF, ...
- 591
3
votes
2
answers
266
views
What is the reason for DMARC spec to not require specifically SPF or DKIM pass?
DMARC produces "pass" result if and only if at least one of SPF and DKIM checks pass. It has been noted that DKIM provides stronger protection of the two (if implemented properly). But, in ...
0
votes
1
answer
2k
views
Soft-fail vs Hard-fail SPF + Monitor vs Reject+Strict DMARC, could it be counterproductive?
I have a ProtonMail premium plan with one custom domain and a single email address. My domain DNS is protected with DNSSEC.
What caught my eye were two things they recommended in the domain setup:
...
- 1,717
1
vote
1
answer
756
views
Does a domain with no SPF record count as a DMARC pass or fail?
Learning about how SPF/DMARC work right now. What I don't see a lot of the articles covering is what happens if there is no published SPF record for the domain. From what I can see most mail servers ...
- 885
1
vote
2
answers
330
views
SPF, DKIM and DMARC - How do receiving/recipient mail servers know how and when to validate the mail?
I have spent a bit of time researching SPF, DKIM and DMARC mechanisms however If I understand correctly, these help the recipient to confirm whether the domain is legitimate but only if they have ...
- 13
3
votes
2
answers
3k
views
Bypassing OpenDMARC checks by forging Authentication-Results
In order to have mail exchanger MX servers to be able to deliver mail to the primary MX, both SPF and DMARC checks needs to be bypassed when the connection is made from a secondary MX. For SPF this is ...
- 19.1k
0
votes
2
answers
1k
views
DMARC on ProtonMail custom domain
I began using ProtonMail email service, I like it that much, that I connected my domain yesterday and did appropriate changes to DNS.
This page of ProtonMail's knowledgebase says how DMARC shall be ...
- 1,717
1
vote
1
answer
649
views
dkim passes under a different domain's dkim
I read that a SPF fail with DKIM pass means someone has forwarded an email with our domain name attached. I haven't sent any emails to this domain. Is this domain trying to send emails with my domain? ...
- 13