empty

Note:

SEPPmail support will not be able to assist with DMARC integration.

The following text is solely for informational purposes.

DMARC does not currently offer any decisive advantages for outbound mails. This may change in the future, depending on adoption by large providers.

With DMARC (even more so than with SPF), a successful implementation requires good knowledge of the existing email infrastructure in order not to violate DMARC alignment.

If the client uses external mail delivery services (e.g. for newsletters), SEPPmail recommends consulting the documentation of the corresponding service provider regarding DMARC alignment.

For inline-outbound customers it is important that SEPPmail should be configured to add a DKIM signature. As SEPPmail alters the mail (sign/encrypt), it will break any DKIM signature possibly added by the hosting provider (e.g. Microsoft).

For parallel customers it is important that their hosting/spamfilter provider adds the DKIM signature only after SEPPmail returned the mail for delivery.

A possibly viable procedure:

  1. clarify whether dispatch takes place via third-party providers
  2. create SPF record (with -all as final directive)
  3. configure and activate DKIM signature
  4. activate DMARC reporting by publishing the following DMARC record: v=DMARC1;p=none;rua=mailto:dmarc@recipient.com
  5. if no reports are received indicating SPF or DKIM errors, the DMARC record can be set to p=quarantine or better p=reject.

Having a DMARC policy, but no DKIM signature would fail the DKIM check.

empty

Note:

SEPPmail evaluates DMARC records on inbound mail. However, due to the complexity for senders to implement it correctly, the policy 'reject' or 'quarantine' is not enforced. Instead it only counts to the general spam level evaluation. This may change in the future.