Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel
titleContents

Table of Contents
maxLevel2


Problem

Why it is so important to set the DMARC p-switch to reject.

Warning
It is a common mistake to configure DMARC for reporting and to forget about it afterwards. Loss in reputation comes gradually over time and is often only noticed when it's already too late. By thumb of fist it takes about as long to fix a broken reputation as it has taken this reputation to break.

Solution

Three things to remember:


  1. Excerpt

    The main purpose for DMARC is to set a policy (p). This policy contains the action that should take place when unauthenticated mail from this domain is received (and in no other case). The options are:

    1. none: to do nothing when authentication fails
    2. quarantine: to put the mail in the SPAM folder when authentication fails
    3. reject: to the message when authentication fails.

    Only by using the reject policy can a domain be fully protected.


  2. DMARC allows ISPs to rely not only on IP reputation, but also on domain reputation. Especially when sending via shared IPs, a good domain reputation can be helpful in delivering your emails to the right place. Without a DMARC record it is impossible for ISPs to reliably measure reputation for a domain.

  3. Any domain owner that does not protect with DMARC is vulnerable for phishing and spoofing abuse. Whenever your domain can be abused by a third party, your overall reputation is likely to suffer.

  4. DMARC reporting alone - as in the following example - does not provide protection against phishing and consequent loss in reputation. It provides reporting functionality only. Such a setting can be useful when evaluating the impact of switching the policy to reject. It is not useful in protecting your domain.

    Code Block
    # host -t txt _dmarc.sub.domain.TLD
    _dmarc.sub.domain.TLD descriptive text "v=DMARC1; p=none; rua=mailto:dmarc@mailmike.net;"


Content by Label
showLabelsfalse
max5
spacesKB
showSpacefalse
sortmodified
reversetrue
typepage
excludeCurrenttrue
cqllabel in ("reject","phishing","dmarc","configuration","none","policy") and type = "page" and space = "KB"
labelsdmarc configuration policy reject none phishing


Page properties
hiddentrue


Related issues




Inboxsys link back
Link2Login
TextAccount
LinkRegister

Inboxsys link back
Link2Book
TextSupport
LinkSupport

Inboxsys link back
Link2Resources
TextWebsite