DMARC. To implement or not to implement?

A

Alexander Chernykh2019-03-18 18:14:50

Email Marketing

Alexander Chernykh, 2019-03-18 18:14:50

We carry out mailings to subscribers of the service. SPF/DKIM configured. Is it worth implementing DMARC?
Interested in the opinion of admins with similar experience

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vladimir Dubrovin, 2019-03-19
@sashkets

If there are no problems with SPF / DKIM for legitimate emails, then there is not a single argument against the implementation of DMARC.
DMARC should be implemented at least with the none policy in order to receive reports and see problems with SPF / DKIM on them.
And then, if you have any doubts, according to these reports, you can conclude for yourself whether you need a strict policy, because. you will see how often the domain is used in spam/phishing.

A

Alexander NAZARIAN, 2019-07-24
@McHaber

Alexander Chernykh , Implementing DMARC with a reject policy is absolutely essential if you don't want to become a victim of spoofing and phishing.
Before switching to the reject policy , it is necessary to spend some time (at least a month) with the none policy in order to collect a sufficient number of summary DMARC reports for analysis.
Parsing summary DMARC reports (they are in XML format) in raw form is almost impossible (at least for the average user).
There are many tools for this - from a simple Add-on for Chrome to quite serious SaaS systems with additional useful functionality.
I personally use the EasyDMARC solution and I encourage you to give it a try.