[prev in list] [next in list] [prev in thread] [next in thread]
List: postfix-users
Subject: Re: DMARC usage opinion
From: Roberto Carna <robertocarna36 () gmail ! com>
Date: 2019-12-18 13:18:56
Message-ID: CAG2Qp6vD2m1X65fLTTpmrbM1ETUv7Fh4_+uFjdF-h21CbGvs2g () mail ! gmail ! com
[Download RAW message or body]
Perfect!!!
Now I understand and I'll to start DMARC implementation with p=none to see
what happen.
Regards !!!
El mié., 18 dic. 2019 a las 7:22, Gregory Heytings (<ghe@sdf.org>) escribió:
>
> Hi,
>
> I'd second Viktor Dukhovni's opinion. For the vast majority of mail
> servers, a minimalistic DMARC policy suffices, just add the following
> record in the domain's DNS root zone:
>
> _dmarc 10800 IN TXT "v=DMARC1; p=none;"
>
> If you want to go a step further, you can just monitor how DMARC is
> applied by receiving mail servers to mails that (pretend to) come from
> your domain. Just add a "rua" ("reporting aggregate reports") entry:
>
> _dmarc 10800 IN TXT "v=DMARC1; p=none; rua=mailto:
> postmaster@yourdomain.com"
>
> You'll then start receiving a daily report from the mail servers that
> implement DMARC reporting *and* that received at least one mail coming
> from (or pretending to come from) your domain. In most cases you'll only
> receive reports from Google and Yahoo. These reports are XML files, which
> are difficult to read, so you should find a tool that helps you to make
> sense of them.
>
> The possible next steps are to use "p=quarantine", which basically means
> "deliver the mail but flag it as spam", and "p=reject", which means what
> it means: do not accept the email. But as Viktor said these policies are
> not recommended for a domain which does not handle sensitive information
> (bank, government, hospital, ...).
>
> Gregory
>
[Attachment #3 (text/html)]
<div dir="ltr">Perfect!!!<div><br></div><div>Now I understand and I'll to start \
DMARC implementation with p=none to see what happen.</div><div><br></div><div>Regards \
!!!</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">El \
mié., 18 dic. 2019 a las 7:22, Gregory Heytings (<<a \
href="mailto:ghe@sdf.org">ghe@sdf.org</a>>) escribió:<br></div><blockquote \
class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid \
rgb(204,204,204);padding-left:1ex"><br> Hi,<br>
<br>
I'd second Viktor Dukhovni's opinion. For the vast majority of mail <br>
servers, a minimalistic DMARC policy suffices, just add the following <br>
record in the domain's DNS root zone:<br>
<br>
_dmarc 10800 IN TXT "v=DMARC1; p=none;"<br>
<br>
If you want to go a step further, you can just monitor how DMARC is <br>
applied by receiving mail servers to mails that (pretend to) come from <br>
your domain. Just add a "rua" ("reporting aggregate reports") \
entry:<br> <br>
_dmarc 10800 IN TXT "v=DMARC1; p=none; rua=mailto:<a \
href="mailto:postmaster@yourdomain.com" \
target="_blank">postmaster@yourdomain.com</a>"<br> <br>
You'll then start receiving a daily report from the mail servers that <br>
implement DMARC reporting *and* that received at least one mail coming <br>
from (or pretending to come from) your domain. In most cases you'll only <br>
receive reports from Google and Yahoo. These reports are XML files, which <br>
are difficult to read, so you should find a tool that helps you to make <br>
sense of them.<br>
<br>
The possible next steps are to use "p=quarantine", which basically means \
<br> "deliver the mail but flag it as spam", and "p=reject", \
which means what <br> it means: do not accept the email. But as Viktor said these \
policies are <br> not recommended for a domain which does not handle sensitive \
information <br> (bank, government, hospital, ...).<br>
<br>
Gregory<br>
</blockquote></div>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic