This help section describes the DMARC test and the related settings available under the
page in the navigation.Domain-based Message Authentication, Reporting & Conformance (DMARC) is an advanced email authentication protocol which helps combat phishing and email spoofing by proving the email actually came from the domain in the “From:” header address - which is the same address that is presented to users by email clients.
Domain owners can publish a DMARC policy for their domains that tells receiving servers which authentication methods (SPF, DKIM or both) are employed by the sending domain, how to perform the From address validation (aka. alignment test) and what to do if the email fails all authentication checks. The policy is published as a DNS record on the DNS server authoritative for the domain, so it can be checked via a simple DNS query.
Click the Settings button to configure the DMARC test feature of ORF. More information is available in the DMARC Settings section.
ORF needs HTTP access to the Vamsoft servers to obtain updates for its top-level domain suffix list which is used by the DMARC Test to determine the correct organizational domain of the sender. If your environment requires the use of an HTTP proxy to access remote servers, click the Proxy Settings button to set the proxy parameters.
In case the managed ORF instance utilizes the Configuration Subscription feature, it will pull the top-level domain suffix list updates from the publisher server.
DMARC uses the results of the SPF and DKIM tests for its own validation checks. Both of these tests must be enabled for the DMARC Test to work. Disabling either of them will disable the DMARC Test as well.
Enable this test on perimeter servers only. Mail transfer agents, including Microsoft® Exchange, may rewrite parts of the message header and/or body before forwarding the email to the next hop device which can break the DKIM signature and cause false positives.
When the sending domain has a published DMARC policy and the DMARC test is enabled, the filtering actions associated with the (On Arrival) SPF and DKIM tests will not be executed, unless the sender is on the DMARC exception list.
Visit the DMARC website at http://www.dmarc.org/.
Please visit the DMARC website to learn more about publishing a DMARC policy for your domain.
ORF implements RFC7489, published in March 2015. As of writing this, RFC7489 is latest version of the DMARC informational RFC.
The current version of ORF does not support the reporting functionality of DMARC and the optional Authentication-Results header is not appended to emails.