DMARC-Domain Based Message Authentication,Reporting and Conformance
- Domain Based Message Authentication,Reporting and Conformance is an email validation system designed to detect and prevent email spoofing.It can also help combat phishing and protect your reputation.It is a framework that works on top of Sender Policy Framework (SPF) and Domain Keys Identified Mail (DKIM)
Q.Why DMARC?
- Email is easy to spoof.Users find it difficult to identify a real message from the fake ones.Organisations do not know if fake mails are sent on their behalf.It helps addressing these issues helping email senders and receivers work together to better secure emails thus protecting users and brands from costly abuse
Q.How DMARC works?
- If the DMARC policy is “none”, then the receiving email providers will not take any action on the emails that failed DMARC and send the reports to the email addresses given
- This is to get reports and verify if all your email servers and systems are signing outgoing emails with DKIM keys, and the IP addresses of these systems are present in the SPF records.
- If the DMARC policy is “Quarantine”, then the receiving email providers will place the emails that failed DMARC in the bulk/junk/spam folder and will not deliver them in the inbox. Reports are sent to the email addresses given.
- If the DMARC policy is “Reject”, then the receiving email providers will bounce the emails that failed DMARC. They will not be delivered anywhere. Reports are sent to the email addresses given.
Q.How to setup DMARC for my domains in RediffmailPro?
- For domains sending mails from our system with Dmarc Dashboard access:-
i. Publish SPF and DKIM key in the DNS and verify the same using MXtoolbox or any web portal for checking DKIM key/SPF key. Both are txt records , for sPF simply publish a txt record against the domain name.
For DKIM , key = epro._domainkey.DOMAINNAME. Please replace “DOMAINNAME” with the actual domain name.
ii. Make sure the syntax is proper and no spaces present in DKIM value part.Selector=epro and domain= respective domain names.
iii. Get the forwarding ids created in rediffmailenterprise.com
iv. Enable signing of mails with specific domainname in DKIM signature.
v. Create rua ids in the user’s domain, if user is ready.
vi. Add auto-forwarding in RUA ids of user domains to rediffmailenterprise.com domain ids.
If directly rediffmailenterprise.com rua id is going to be used, Publish DMARC record for reports in DNS
vii. Enable RUA report processing and DMARC dashboard access.
viii.Share DMARC record with the user and ask them to publish it in the DNS.
ix. Wait for one day for reports to be delivered and processed. Details should be visible in DMARC dashboard.
- For domains sending mail from our system without Dashboard access.
i. Publish SPF and DKIM key in the DNS and verify the same using MXtoolbox or any web portal for checking DKIM key/SPF key. Both are txt records , for sPF simply publish a txt record against the domain name.
For DKIM , key = epro._domainkey.DOMAINNAME. Please replace “DOMAINNAME” with the actual domain name.
ii. Make sure the syntax is proper and no spaces present in DKIM value part.Selector=epro and domain= respective domain names.
iii. Enable signing of mails with specific domainname in DKIM signature.
iv. create rua ids in rediffmailenterprise.com.
v. Publish DMARC record for reports in DNS
vi. Publish DMARC txt record in DNS for the domain.
Q. How to declare the DMARC Policy for my domains in RediffmailPro?
· Same steps as mentioned above.
Q. Where can I find my SPF and DKIM settings for my RediffmailPro Account?
· If user is using only Rediff smtp then please add the below mentioned spf
· SPF record: v=spf1 redirect=_spf.rediffmailpro.com
· DKIM record:
· We provide the public key for the DKIM record. If user want us to sign their outgoing mails with domain in DKIM, we will share the public key they need to be published the same in DNS.