A Stricter DMARC Policy

Sometimes, we receive reports that our general reputation has declined to the point that certain receiving parties will block some of the email sent through our infrastructure, and that bothers us, because it bothers our customers. This usually involves just a limited number of messages, but is annoying nonetheless.

Other times, we receive reports of phishing. These usually do not include verbiage that is suitable for repeating on this blog, as the reports reply to messages that do not originate from us, that usually refer to external, third-party sites and, most importantly, that were not submitted through our infrastructure. We follow up on these occurrences with abuse reports to web server hosting companies, email providers and other associated channels, but responses are often neither thorough nor quick.

To prevent these illegitimate communication patterns, we’ve tightened our DMARC policy definitions and applied them to more of our own domain names. This means that mail sent from an address in any of our own domains now requires a DKIM signature and must comply with our Sender Policy Framework (SPF) configuration.

Should DKIM or SPF verification fail, our configured recommendation to receiving third parties is now to “quarantine” the message. For some parties, this may mean that the message is not delivered to the final recipient but queued for further inspection, while for other parties the message is marked as spam or likely spam.

It is important to note that Group Managers should follow our updated recommendations for their own domains.
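
As an added example (not code from this post or from our infrastructure), here is one way to check whether a domain's published DMARC TXT record actually requests at least “quarantine”. The checks on the sp= and pct= tags follow RFC 7489 and go beyond what this post states; the records are constructed samples on example.com.

```python
# Added example, not code from the original post: audit a DMARC TXT record
# against a "quarantine" baseline. Records are constructed samples (example.com).

STRENGTH = {"none": 0, "quarantine": 1, "reject": 2}


def parse_dmarc(record):
    """Split a DMARC TXT record into an ordered tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" not in part:
            continue  # tolerate a trailing ';' and empty segments
        name, value = part.split("=", 1)
        tags.setdefault(name.strip().lower(), value.strip())
    return tags


def audit_dmarc(record, minimum="quarantine"):
    """Return a list of findings; an empty list means the baseline is met."""
    tags = parse_dmarc(record)
    # RFC 7489: the v tag must come first and be exactly DMARC1.
    if next(iter(tags), None) != "v" or tags["v"] != "DMARC1":
        return ["not a DMARC record: v=DMARC1 must be the first tag"]
    policy = tags.get("p", "").lower()
    if policy not in STRENGTH:
        return ["missing or invalid p= tag"]
    findings = []
    if STRENGTH[policy] < STRENGTH[minimum]:
        findings.append(f"p={policy} is weaker than {minimum}")
    # sp= overrides p= for subdomains; when absent, p= applies to them too.
    sub = tags.get("sp", policy).lower()
    if "sp" in tags and STRENGTH.get(sub, 0) < STRENGTH[minimum]:
        findings.append(f"sp={sub} leaves subdomains weaker than {minimum}")
    # pct= below 100 asks receivers to apply the policy to only a sample.
    pct = tags.get("pct", "100")
    if not pct.isdigit() or int(pct) < 100:
        findings.append(f"pct={pct} applies the policy to only part of failing mail")
    return findings


SAMPLES = {  # constructed records
    "monitoring only": "v=DMARC1; p=none; rua=mailto:dmarc@example.com",
    "partial rollout": "v=DMARC1; p=quarantine; sp=none; pct=25",
    "quarantine": "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com;",
}

if __name__ == "__main__":
    for label, record in SAMPLES.items():
        print(f"{label}: {audit_dmarc(record) or 'meets baseline'}")
```

The record to audit is the TXT value published at _dmarc.<your domain>; paste it in as a string.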