DMARC
- DMARC: Domain-based Message Authentication, Reporting, & Conformance
- Created in 2012 by engineers from Google, Yahoo, Microsoft, and PayPal
- Uses DKIM Keys and/or SPF checks to perform advanced validation on each email received
- DKIM: DomainKeys Identified Mail
- Uses DKIM signatures and DNS records on the sender’s domain to verify the integrity of an email’s content and its source
- SPF: Sender Policy Framework
- Allows users to authorize IP addresses to send email under a given domain
- Used by email providers like Gmail & Yahoo
- DMARC Policy: DMARC auth allows a domain owner to specify their own authentication procedure
- Instructs the email server receiving the messages on what to do if an email fails to pass the DMARC test
- Quarantine
- None
- Reject
- Also provides reports with details of each check to improve processes and provide immediate warning if someone attempts to spoof your domain
- DMARC Alignment Test: Series of one or more checks to see if the email will pass the DMARC policies in place
- Usually involves DKIM / SPF checks, depending on which ones are set
- Alignment requirements can be “strict” (the domains need to match precisely) or “relaxed” (base domains need to match but different subdomains are allowed)
- Alignment test will pass if:
- Only one of the authentication methods (SPF or DKIM) is set up and its check is successful
- Both SPF & DKIM are set up and at least one succeeds
- SPF Return-Path: Address where bounces and other email feedback are sent
- Aka: bounce address, reverse path, envelope from, MAIL FROM
- Specified by the `Return-Path` header in the email
- Default for emails sent by Postmark is `pm_bounces@pm.mtasv.net`
- WHEN USING POSTMARK AS AN EMAIL SERVICE: Not usually a good idea to change this without still forwarding eventually to this address, as Postmark cannot report back to you on email bounces
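
The alignment rules and the Return-Path note above, as an added example (not from the original notes or from Postmark): a simplified Python check showing why the default `pm_bounces@pm.mtasv.net` Return-Path does not SPF-align with your own From domain. Assumptions: `example.com` and `pm-bounces.example.com` are placeholder domains, and the base domain is taken as the last two labels instead of being looked up in the Public Suffix List.

```python
# Added example: simplified DMARC identifier alignment.
# Assumption: the base (organizational) domain is the last two labels.
# Real receivers use the Public Suffix List (needed for e.g. example.co.uk).

def org_domain(domain):
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, mode):
    """mode 's' = strict (exact match), 'r' = relaxed (same base domain)."""
    a = from_domain.lower().rstrip(".")
    b = auth_domain.lower().rstrip(".")
    return a == b if mode == "s" else org_domain(a) == org_domain(b)

def domain_of(address):
    return address.rsplit("@", 1)[-1]

def dmarc_result(header_from, return_path, spf_pass, dkim_d, dkim_pass,
                 aspf="r", adkim="r"):
    """Return (passed, details). DMARC passes when at least one mechanism
    both authenticates AND aligns with the header From domain."""
    from_dom = domain_of(header_from)
    spf_ok = bool(spf_pass) and aligned(from_dom, domain_of(return_path), aspf)
    dkim_ok = bool(dkim_d) and bool(dkim_pass) and aligned(from_dom, dkim_d, adkim)
    return (spf_ok or dkim_ok), {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok}

# Constructed sample messages (placeholder domains, not real traffic).
CASES = [
    ("default Return-Path, no DKIM",
     dict(return_path="pm_bounces@pm.mtasv.net", spf_pass=True,
          dkim_d=None, dkim_pass=False)),
    ("default Return-Path, DKIM d=example.com",
     dict(return_path="pm_bounces@pm.mtasv.net", spf_pass=True,
          dkim_d="example.com", dkim_pass=True)),
    ("custom Return-Path, relaxed SPF alignment",
     dict(return_path="bounce@pm-bounces.example.com", spf_pass=True,
          dkim_d=None, dkim_pass=False)),
    ("custom Return-Path, strict SPF alignment",
     dict(return_path="bounce@pm-bounces.example.com", spf_pass=True,
          dkim_d=None, dkim_pass=False, aspf="s")),
]

if __name__ == "__main__":
    for label, kwargs in CASES:
        passed, details = dmarc_result("news@example.com", **kwargs)
        print(f"{label}: {'pass' if passed else 'fail'} {details}")
```

SPF itself can pass for the default Return-Path and DMARC still fail, because the domain SPF authenticated (`pm.mtasv.net`) is not the domain in the From header.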
Setting Up a Custom Return-Path for SPF Alignment
In investigating how to do this for a client using Postmark as their email service, I found some good information on how to set it up here.
What is a Custom Return-Path?
- Return-Path is the address
Open Questions
- What is actually needed to set up DMARC itself?
- It seems from reading that it’s not as simple as setting up DKIM or SPF separately, but that there’s another thing that needs to be configured?