docker-mailserver/docs/content/config/best-practices/dmarc.md
Frederic Werner e20a66864a
docs(deps): bump mkdocs-material to 7.1.6 (#2015)
* docs(deps): bump mkdocs-material to 7.1.6

* chore: trigger preview on changes to preview workflows too

* fix: replace deprecated admonition

Co-authored-by: Brennan Kinney <5098581+polarathene@users.noreply.github.com>
2021-05-31 19:02:56 +12:00

1.7 KiB

title hide
Best Practices | DMARC
toc

!!! note DMARC Guide: https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md

Enabling DMARC

In docker-mailserver, DMARC is pre-configured out-of the box. The only thing you need to do in order to enable it, is to add new TXT entry to your DNS.

In contrast with DKIM, DMARC DNS entry does not require any keys, but merely setting the configuration values. You can either handcraft the entry by yourself or use one of available generators (like https://dmarcguide.globalcyberalliance.org/).

Typically something like this should be good to start with (don't forget to replace @domain.com to your actual domain)

_dmarc.domain.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc.report@domain.com; ruf=mailto:dmarc.report@domain.com; sp=none; ri=86400"

Or a bit more strict policies (mind p=quarantine and sp=quarantine):

_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc.report@domain.com; ruf=mailto:dmarc.report@domain.com; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine"

DMARC status is not being displayed instantly in Gmail for instance. If you want to check it directly after DNS entries, you can use some services around the Internet such as https://dmarcguide.globalcyberalliance.org/ or https://ondmarc.redsift.com/. In other case, email clients will show "DMARC: PASS" in ~1 day or so.

Reference: #1511