DKIM & DMARC Implementation Confusion

Charles Hurst
Charles Hurst used Ask the Experts™
on
Hi,

We are looking to implement DKIM and DMARC, we already have SPF enabled and working.

I understand DKIM and DMARC to quite a good level, however one thing I do not seem to be able to find a clear answer on is implement steps, by this I mean the process of rolling this out (mainly order of DNS changes);

I guess that with DKIM, as long as its not enabled on your outgoing smarthost then you can apply the public DNS record and it is simply ignored by all as the Email header has not been modified?

However with DMARC if a DMARC record exists in your DNS, even with DKIM disabled/deactivated does the DMARC record get quried by your recipients? I have read that some companies use DMARC with only SPF so I assume the answer is Yes it does impact your Emails even with DKIM disabled.

We have a number of third parties so we are trying to align all our DKIM DNS records before activating.

Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
IT Service Manager
Top Expert 2012
Commented:
However with DMARC if a DMARC record exists in your DNS, even with DKIM disabled/deactivated does the DMARC record get quried by your recipients?

Yes.. we can configure DMARC without enabling DKIM. DMARC validates the SPF configuration and act based on the DMARC settings
Jackie Man IT Manager
Top Expert 2010
Commented:
DMARC if a DMARC record exists in your DNS, even with DKIM disabled/deactivated does the DMARC record get quried by your recipients?

Correct.

DMARC is a TXT record of your domain.

https://blogs.technet.microsoft.com/fasttracktips/2016/07/16/spf-dkim-dmarc-and-exchange-online/
Charles HurstContract Senior Consultant

Author

Commented:
Thanks Rajumar,

So DMARC will sit there quite happily just with SPF until DKIM is enabled.

Is there any DMARC settings which would case this to fail, I know there is obviously a number of options you can set in the record.
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Charles HurstContract Senior Consultant

Author

Commented:
Thanks Jackie,

That link is helpful... even if we rollout DMARC with p=none and DKIM checks fail the Emails will still be deliveried so we can rollout this way and change at a later date when we are ready.

Thanks
Charles HurstContract Senior Consultant

Author

Commented:
Thanks for the help
Jackie Man IT Manager
Top Expert 2010

Commented:
Correct.

Only DKIM is a little bit tricky to setup. DMARC is pretty straightforward.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial