PowerMTA Support Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

PowerMTA 5.5r1 is out!!!!  Please contact support@port25.com for a license and download access.

Author Topic: DMARC  (Read 66736 times)

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Logged

concep

  • Jr. Member
  • **
  • Karma: +2/-18
  • Posts: 17
Re: DMARC
« Reply #1 on: January 31, 2012, 06:18:00 AM »

Thanks for posting this.

Does this mean that "dkim-identity" directive wont work anymore as I think they require the "d=" value to match the from domain.

For ESPs that have more than one client on an IP it could cause some issues?

Cheers
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: DMARC
« Reply #2 on: January 31, 2012, 07:01:56 AM »

Based on the initial draft, supporting either a relaxed or strict option (with relaxed meaning matching subdomains and not unrelated domains), it does appear on the surface that sites using a 3rd party signer via the dkim-identity feature in DKIM cannot use DMARC. 

Perhaps that will change as more are involved in the standard.
Logged

finepublications

  • Guest
Re: DMARC
« Reply #3 on: January 31, 2012, 11:45:34 AM »

Hi Friend,
   So,sub domains reputation is not dependent on main domain?And What are things this DMARC will affect?
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: DMARC
« Reply #4 on: January 31, 2012, 11:58:33 AM »

From the WWW site;

A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes - such as junk or reject the message. DMARC removes guesswork from the receiver's handling of these failed messages, limiting or eliminating the user's exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation.
Logged

finepublications

  • Guest
Re: DMARC
« Reply #5 on: January 31, 2012, 12:06:15 PM »

So,here after no one cant do fraud things in DKIM and SPF,it's Really great.
Logged

CaLViN

  • Hero Member
  • *****
  • Karma: +43/-2
  • Posts: 1233
  • Hasan Kurtoglu
    • PowerMTA Administration Service
Re: DMARC
« Reply #6 on: January 31, 2012, 03:33:54 PM »

I do not think it will be used by general,it looks like that is special way of protecting BIG brands.
Logged

Professional PowerMTA Administrator - Deliverability Expert

Contact me for Consultancy needs!

daniel

  • Full Member
  • ***
  • Karma: +6/-9
  • Posts: 192
Re: DMARC
« Reply #7 on: November 19, 2012, 06:16:22 PM »

I've heard more about DMARC recently, and that at least Google is/was honoring it. Does anyone know whether they still are or if other ISPs have joined in?

I understand the comment and reasoning about DMARC only helping big brands find out if there are large sources of phishing email or other unauthorized spoof emails, but I do think DMARC would be helpful for smaller senders who want to lock down their email so that only they send email from their domain and the main ISPs block email if it doesn't really come from them.

One of the interesting things about DMARC though is that you can receive reports of violations from the receiving ISP.
Will DMARC formatted responses be supported by PowerMTA? ie. similarly to the handling of feedback loop emails?
They are in a new Authentication Failure Reporting Format (AFRF) which is a subset of ARF format.
See http://www.dmarc.org/specification.html.
Logged

Port25-Admin2

  • Global Moderator
  • Hero Member
  • *****
  • Karma: +35/-1
  • Posts: 1527
Re: DMARC
« Reply #8 on: November 19, 2012, 06:27:18 PM »

It is on the radar and a possibility, just depends on demand.
Logged

AlwindB

  • Jr. Member
  • **
  • Karma: +5/-11
  • Posts: 21
    • Measuremail B.V.
Re: DMARC
« Reply #9 on: November 21, 2012, 05:52:59 AM »

we're implementing the _dmarc record per default with all our (new) customers, gives us more information about where the email goes and if they are suffering from possible Phishing/Spoofing of domains.

We see in the Netherlands that banks are adopting DKIM/SPF and DMARC much faster to prevent/protect customers against phishing.
At this point XS4ALL is reporting, so if you implemented DMARC  :D According to ING (dutch bank) they lowered the amount of phishing messages. (Dutch article: http://www.ing.nl/nieuws/nieuws_en_persberichten/2012/09/xs4all_en_ing_samen_valse_emails_te_lijf.aspx)

The DMARC reports tell you which IP is sending e-mail and pretending to be domain X, it also validates SPF and DKIM.
If you set the policy records you can advise what the ISP should do if they receive messages that fail the SPF or DKIM check.

The aggregated reports or authentication failed reports are nothing like Feedbackloop messages, so the only use for them is separate interpretation of your email/domain flows.
Logged