How to Define a DMARC Record with Custom Records for MIAB?

Hi,

It would be great to create steps for setting up DMARC in MIAB.

I found this site (zytrax), but am struggling with connecting the dots…


(latest update)

Proposed Steps:
1. Create a DMARC resource record of type 'TXT'
2. Name the record _dmarc or (_dmarc.box?)
3. For the Value, define your tags such as
"v=DMARC1; p=reject; pct=100; rua=mailto:postmaster@dmarcdomain.com; aspf=s; adkim=s"

What is Domain-based Message Authentication, Reporting & Conformance (DMARC)?

  • an email protocol; i.e., policy
  • the policy you create allows you (the sender) to show that your messages are protected by SPF and/or DKIM
  • your policy will also help the organisation that receives your message determine if your message “aligns” with what they (the receiver) know about you (the sender).
  • a policy applies to messages that fail authentication (report, quarantine, reject)
  • suggestion: if you are confident that none of your legitimate messages are being incorrectly quarantined, apply a “reject” policy

Tags

v

  1. Protocol version
  2. example, v=DMARC1

pct

  1. Percentage of messages subjected to filtering
  2. pct=20

ruf

  1. Reporting URI for forensic reports
  2. ruf=mailto:authfail@example.com

rua

  1. Reporting URI of aggregate reports
  2. rua=mailto:aggrep@example.com

p

  1. Policy for organizational domain
  2. p=quarantine

sp

  1. Policy for subdomains of the OD
  2. sp=reject

adkim

  1. Alignment mode for DKIM
  2. adkim=s

aspf

  1. Alignment mode for SPF
  2. aspf=r

References:
https://dmarc.org/wiki/FAQ#How_does_DMARC_work.2C_briefly.2C_and_in_non-technical_terms.3F
http://www.zytrax.com/books/dns/ch9/dmarc.html

MIAB already supports DMARC out-of-the-box, so what are you trying to achieve here?
Given that you are posting 4 topics in under an hour, this looks a lot more like spamming.
Or are you trying to use all this for a domain not hosted on MIAB or something?

1 Like

@phol,

I take offense to your tone. All of these posts relate to the long standing and at present unanswered question of how to stop spoofing.

If you don’t like what I posted then don’t read it. If you want to ask me a question, ask it without being accusatory. Otherwise, I am not going to engage with you in discussion.

I meant no offence, I just genuinely wondered what the purpose was of this, because MIAB supports SPF, DKIM and DMARC out of the box without any manual configuration being necessary.

I do agree that spoofing and being marked as a safe sender is a major problem, however, I don’t understand how this would solve that problem, because it is already supported out-of-the-box.
Of course you might be using a relay host of some sort, but then these are just general tutorials of building your own mailserver instead of using a turnkey setup like MIAB. I appreciate that the tutorials explain in detail what is happening in MIAB, but without you having to configure it manually.

If you directly apply them to MIAB, I figure these would only cause conflict with existing applications.
Instructions of successful setups of MIAB with relay hosts or smart hosts or how to set up MIAB as a relay host or smart host would be very much appreciated though.

I think that if you read your message again, you should be able to see that your tone is aggressive. Accusations of spamming should not be thrown around on a public forum, nor should anyone take them lightly.

Firstly, spamming involves providing people with irrelevant information. Anyone who has custom records will need to set up these records - correctly. The MIAB instruction guide acknowledges that people may use custom records. No relay host is required under this scenario.

Second, spamming is an activity whereby someone receives messages that they did not ask for. People are unlikely to see these posts unless they are trying to understand in detail what MIAB is doing; i.e., via an active search.

1 Like

Well, as I said, I meant no offence. I could have put “spamming” between quotation marks, meaning “overflowing with links containing general information without providing specific context in a short period of time by creating multiple topics about more or less the same problem”. I am not as fluent in English, so my writing style might be a bit direct. But let’s get back on topic.

I just couldn’t figure out what the exact relevance was to MIAB specifically, given that your link is not a step-by-step tutorial. It just globally describes various protocols.

A tutorial about e.g. relay host or using MIAB as such could be useful for newbie users or people who might want to use a relay host because they are, for example, using a server in a bad IP range or who use appliances requiring the use of MIAB as a smart host.
I mention this because mail coming from for example some logging services without going through MIAB, will be marked as spam / spoofed by Gmail and other providers.

Yes, but doesn’t the “External DNS” page in the admin control panel give us copy-and-paste instructions, complete with elaboration on what each DNS record does? If newbie users would copy the tutorial you link, which gives people information about things already included in MIAB, I think they would probably just break their install. That is why I was wondering, purely out of interest and maybe able to add other useful information.

This was purely meant out of interest. MIAB does this automatically right? It also does if you use external name servers. That’s why I am wondering what problem you are trying to solve.
I don’t understand what you mean with “I found this site, but am struggling with connecting the dots…” given that it has this functionality already. What problems are you facing?

I don’t think that this conversation is worthwhile so I am not going to respond any further to your posts as there are too many points for me to address.

I responded to a request for further information by someone else, that someone not being you. If you don’t like what I wrote, complain. Otherwise, start your own thread.

:joy:
I’m honestly just trying to help here man, but good luck finding the solution to your unspecified problem from someone else. :ok_hand:

2 Likes

As said by @phol, it is set up by default. It’s going to be hard to help you without the answers to those questions.

I have flagged your comments as inappropriate*

Meaning if someone asks how to do something as the title suggests, it is inappropriate to suggest they should not ask the question just because “it is set up by default.”

In SMTP, mail is sent in units called envelopes. First the address of the envelope sender is sent, followed by one or more envelope recipient addresses. Finally the actual message is sent, headers and body together. Note that the final recipient sees only the headers and body.

Replies go to the header sender (spammer)
Bounces go to the envelope sender address (innocent party)

DMARC validates the message sender

Random hint: Spam filters are more likely to flag your email if your email is addressed to your recipient’s email address and not their name so you should include the recipient’s name and the email address in your message.

I know that “Strict SPF and DMARC records will be added to all custom domains unless you override them”, but is there a way to see exactly how those records are configured?

I am not sure I understand your question, but I would assume that the SPF and DMARC records in the External DNS menu of the admin panel would reflect what the records would be under the standard default configuration.

Yup, got it, thanks!

1 Like