Questions tagged [dmarc]
DMARC (Domain-based Message Authentication, Reporting and Conformance) is an email authentication protocol. It is designed to give email domain owners the ability to protect their domain from unauthorized use, commonly known as email spoofing.
67
questions
3
votes
2
answers
2k
views
DMARC/SPF/DKIM - forward quarantine emails to a separate email address
Is there a way with DMARC/SPF/DKIM to forward all emails that fail DMARC to an email address I specify?
Ie, if someone tries to spoof an email saying it's from me, and it fails, I'd like that email ...
3
votes
3
answers
963
views
What does a failed SPF record tell me from a DMARC Aggregate report?
I just started receiving DMARC aggregate reports. I am trying to understand what it means for a Source IP to fail SPF. Does this mean that the domain that failed the SPF tried to send an email on ...
0
votes
4
answers
586
views
Suspicious Entry in DMARC Report
I recently contacted a vendor of security-related development libraries to ask for a quote (I won't name them yet).
The next day, Postmark sent me my weekly DMARC report - and it contained 2 failed ...
1
vote
1
answer
163
views
Verify senders of earlier emails in chain
I know that an emails' sender can be verified e.g. through DKIM.
If I receive an email chain containing replies, forwards, etc. is there any way to verify the sender of other (earlier) emails in the ...
2
votes
1
answer
227
views
Are high levels of email spam normal?
I have got my SPF, DKIM & DMARC records correctly setup and I have started using a DMARC analysis service.
One thing I have noticed is the volume failures. For example, in the last 3 days I have ...
0
votes
2
answers
1k
views
Why did spoof email receive a "pass"? And why didn't it show up in the aggregate report?
Good Morning All, I've been thrown into the deep end with a request from my director. I know little of DMARC and email spoofing in general, but I'm trying to somehow weed out WHY this spoof email "...
1
vote
1
answer
482
views
Why so many DMARC failures? When to move on?
I just started getting DMARC aggregate reports for our newly-DKIM'd environment in passive mode ("p=none;") and notice a strange trend:
Almost 1/4 of the IPs in any given provider report DKIM auth ...