SOTA
asked on
DMARC reports
I just setup DMARC reports on my domain.
Now I am getting reports. One for example says the following:
This is a spf/dkim authentication-failure report for an email message received from IP 39.167.130.135 on Fri, 15 Dec 2017 01:02:42 +0800.
Below is some detail information about this message:
1. SPF-authenticated Identifiers: none; 2. DKIM-authenticated Identifiers: none; 3. DMARC Mechanism Check Result: Identifier non-aligned, DMARC mechanism check failures;
Emails are being randomly generated with addresses that do not exist like "434321@mydomain.com".
What do I do now? I obviously do not want these to be sent. They should be stopped I their tracks.
Here is my DMARC record:
v=DMARC1; p=none; rua=mailto:dmarc@mydomain. com; ruf=mailto:dmarc@mydomain. com; sp=none; ri=86400
Do I need to do anything?????
Newbie at this.
Thanks!
Now I am getting reports. One for example says the following:
This is a spf/dkim authentication-failure report for an email message received from IP 39.167.130.135 on Fri, 15 Dec 2017 01:02:42 +0800.
Below is some detail information about this message:
1. SPF-authenticated Identifiers: none; 2. DKIM-authenticated Identifiers: none; 3. DMARC Mechanism Check Result: Identifier non-aligned, DMARC mechanism check failures;
Emails are being randomly generated with addresses that do not exist like "434321@mydomain.com".
What do I do now? I obviously do not want these to be sent. They should be stopped I their tracks.
Here is my DMARC record:
v=DMARC1; p=none; rua=mailto:dmarc@mydomain.
Do I need to do anything?????
Newbie at this.
Thanks!
Check your settings by https://mxtoolbox.com/NetworkTools.aspx and if tests failed it is mean that you have something wrong with DNS configuration.
ASKER
Thanks!
This is a report that 434321@mydomain.com is invalid.
Since you've set p=none on your DMARC record, add you get is a report + the message goes through.
Set p=reject to have forged email dropped every where.
Or maybe refer to https://en.wikipedia.org/w iki/DMARC for various DMARC policies, which are less restrictive.
You may also adjust your DKIM settings, if you prefer boosting restrictiveness via DKIM.
In general, SPF + DKIM + DMARC, tends to be complex. If you have infinite free time, handle this yourself.
If you have other things to do, besides mess with constant delivery problems, use a relay service like MailGun.
If you simply must run in house mail, you can cheat by running different domains through the Dmarcian Tools, like Gmail + Mailgun to see how they adjust all their settings.
Since you've set p=none on your DMARC record, add you get is a report + the message goes through.
Set p=reject to have forged email dropped every where.
Or maybe refer to https://en.wikipedia.org/w
You may also adjust your DKIM settings, if you prefer boosting restrictiveness via DKIM.
In general, SPF + DKIM + DMARC, tends to be complex. If you have infinite free time, handle this yourself.
If you have other things to do, besides mess with constant delivery problems, use a relay service like MailGun.
If you simply must run in house mail, you can cheat by running different domains through the Dmarcian Tools, like Gmail + Mailgun to see how they adjust all their settings.
ASKER
Thanks for this! The thing is not all DMARC reports are showing spoofed emails. My concern is if I set p=reject, then I might inadvertently reject legitimate emails.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Great help!!
ASKER
Great point...thanks!!!