Announcement

Collapse
No announcement yet.

DMARC protocol for email

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

    DMARC protocol for email

    What is the scoop on this protocol. What are the benefits? When is it really necessary? Thoughts? And a practical question, is it possible to configure so the failed email reports aren't spamming the email domain?

    Thanks,

    Scott

    What help do you need today!
    Interactive Design Solutions http://www.southbound.com
    MivaMerchant Business Partner | Certified MivaMerchant Web Developer
    My T-shirt Collection is mostly MivaCon T-shirts!!
    Competitive Rates, Popular Modules, and Integrations:
    Product Copy | AutoBaskets | Waitlist Integration| Wholesale Integration

    #2
    Properly implemented, the benefits to a domain using DMARC are allowing for authentication by a receiving mail server that the sender showing in the From header of a message arrived in a manner the organization approves of; i.e. anti-spoofing/forgery. It typically will result in better deliverability to inboxes vs spam folders, but can also help an organization prevent mis-use of their domain name. To implement effectively though, it should be used with an all or nothing policy, where all emails bearing the sending domain are required to be sent in a manner that abides by the published policy.
    David Hubbard
    CIO
    Miva
    [email protected]
    http://www.miva.com

    Comment


      #3
      Thanks David. How can we boil this down? For the "All or Nothing," are you saying that if you configure to not receive the email reports then you are on the nothing side?
      What help do you need today!
      Interactive Design Solutions http://www.southbound.com
      MivaMerchant Business Partner | Certified MivaMerchant Web Developer
      My T-shirt Collection is mostly MivaCon T-shirts!!
      Competitive Rates, Popular Modules, and Integrations:
      Product Copy | AutoBaskets | Waitlist Integration| Wholesale Integration

      Comment


        #4
        Oh, no I'm referring to the policy portion. You can set up a DMARC and/or SPF policy that states "mail from domain xyz.com MUST ONLY arrive from the following list of permitted systems", but you can also set a policy that states "mail from domain xyz.com MAY arrive from the following list of permitted systems." If you do the latter, the mail will generally not be treated much better than if you had no policy at all, making the effort probably not worth the outcome. If you do the former, you must ensure it's done properly and thoroughly or mail from legit sources would be rejected; and similarly, if something changes and the record is not updated to reflect that, same issue can result.

        You won't generally receive undeliverable reports for forged emails if a strict policy has been put in place, because those messages would be rejected at delivery time, or the more intelligent filters would know they're rejecting due to forgery and that there's no point bouncing to the purported sender.
        David Hubbard
        CIO
        Miva
        [email protected]
        http://www.miva.com

        Comment

        Working...
        X