What is DMARC?
DMARC checks to see if a message passes either the SPF or DKIM standards for validating legitimate email, and any messages that do not pass either standard gets blocked. SPF is a standard that utilizes DNS to validate the sender listed in the Envelope FROM (the server that the message originated from) address in a message header. DKIM utilizes an embedded snippet of encrypted data to validate the sender listed in the d= field in a message header. DMARC goes a step further. If a message passes either standard, then the domain listed in the FROM field must also match the domain in the d= field of a message header. Once all checks have been passed, the message is authorized. If any of the checks fail, then there is a recommended action that a DMARC policy includes. Mailbox providers can choose to follow the recommendation set or ignore it (extremely rare). Recommendations can be to quarantine the message, reject the message, or to allow it through and monitor it.
How do I get my eMail service authorized to send harding.edu messages?
eMail service providers must provide us with one of the following:
- an SPF DNS record for us to include in our SPF record or the IP address(s) of the servers that will be sending mail
- a DKIM key that we can include in our external DNS
Both would be ideal, but either will do. The eMail service provider must also properly construct the headers of their messages so that the Envelope FROM address matches the d= field. If a provider supports DMARC, this will be a given.....
How can I learn more?
You can find more information on DMARC, SPF and DKIM at the following sites: Wikipedia DMARC.ORG