6.2.1 ORF Online Help
Select your ORF version:

Table of Contents

DMARC Test


This help section describes the DMARC test and the related settings available under the BlacklistsDMARC Test page in the navigation.

General Information

Domain-based Message Authentication, Reporting & Conformance (DMARC) is an advanced email authentication protocol which helps combat phishing and email spoofing by proving the email actually came from the domain in the “From:” header address - which is the same address that is presented to users by email clients.

Domain owners can publish a DMARC policy for their domains that tells receiving servers which authentication methods (SPF, DKIM or both) are employed by the sending domain, how to perform the From address validation (aka. alignment test) and what to do if the email fails all authentication checks. The policy is published as a DNS record on the DNS server authoritative for the domain, so it can be checked via a simple DNS query.

Settings

Click the Settings button to configure the DMARC test feature of ORF. More information is available in the DMARC Settings section.

Proxy Settings

ORF needs HTTP access to the Vamsoft servers to obtain updates for its top-level domain suffix list which is used by the DMARC Test to determine the correct organizational domain of the sender. If your environment requires the use of an HTTP proxy to access remote servers, click the Proxy Settings button to set the proxy parameters.

In case the managed ORF instance utilizes the Configuration Subscription feature, it will pull the top-level domain suffix list updates from the publisher server.

Notes

IMPORTANT: Reliance on the SPF and DKIM tests

DMARC uses the results of the SPF and DKIM tests for its own validation checks. Both of these tests must be enabled for the DMARC Test to work. Disabling either of them will disable the DMARC Test as well.

Enable this test on perimeter servers only. Mail transfer agents, including Microsoft® Exchange, may rewrite parts of the message header and/or body before forwarding the email to the next hop device which can break the DKIM signature and cause false positives.

When the sending domain has a published DMARC policy and the DMARC test is enabled, the filtering actions associated with the SPF and DKIM tests will not be executed, unless the sender is on the DMARC exception list.

Where to find more information about DMARC

Visit the DMARC website at http://www.dmarc.org/.

Publishing a DMARC policy

Please visit the DMARC website to learn more about publishing a DMARC policy for your domain.

Implemented DMARC version

ORF implements RFC7489, published in March 2015, and its updates (RFC8553, RFC8616).

The current version of ORF does not support the reporting functionality of DMARC and the optional Authentication-Results header is not appended to emails.

Copyright © Vamsoft Kft. All rights reserved. Document ID adm-oa-dmarc, version 2.