Using DMARC with Small Business Server or Office 365
January 4, 2017
The title is a bit misleading, so let's just acknowledge that straight away. Publishing DMARC is not related to the system you use to host your email, in the same way that SPF is not related to the system you use to host your email.
As part of my day job I deal with several large organisations who, for various reasons, have not moved their email infrastructure to the cloud. As part of this, I have the unenviable and thankless task of trying to prevent spam and guarantee deliverability of their sent mail.
It really does stagger me that so many organisations still, to this day, do not implement things like SPF, let alone use DMARC.
DMARC provides an extra layer of protection beyond SPF or DKIM. It also includes the ability for the recipient system to report back to the sending domain.
Anyway, the point of this post is to highlight DMARC and how easy it is to configure, and hopefully to point you to the right information quickly.
With that in mind, here are the key pieces of information.
- DMARC is a TXT type DNS record
- The host name should be _dmarc
- The value must start with v=DMARC1
If you can follow those pieces of information, you will have no trouble enabling it.
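A quick way to sanity-check a record before publishing it, as an added example that is not part of the original post. It goes beyond the three points above and also checks the `p`, `sp`, `pct` and `rua` tags as defined in RFC 7489; the `example.com` records and function names are constructed for illustration.

```python
# Added example, not from the original post. Tag rules follow RFC 7489.
import re

VALID_POLICIES = {"none", "quarantine", "reject"}

def dmarc_owner_name(domain):
    """Full DNS name of the TXT record: host _dmarc under the domain."""
    return "_dmarc." + domain.strip().rstrip(".").lower()

def parse_dmarc(txt):
    """Return (tags, problems) for the value of a DMARC TXT record."""
    tags, order, problems = {}, [], []
    for part in txt.split(";"):
        part = part.strip()
        if not part:
            continue  # a trailing ';' is allowed
        name, sep, value = part.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep or not name:
            problems.append("malformed tag: " + part)
            continue
        if name in tags:
            problems.append("duplicate tag: " + name)
        tags[name] = value
        order.append(name)
    # The version tag must come first and its value is case-sensitive.
    if order[:1] != ["v"] or tags["v"] != "DMARC1":
        problems.append("record must start with v=DMARC1")
    for tag in ("p", "sp"):
        if tag in tags and tags[tag].lower() not in VALID_POLICIES:
            problems.append("invalid %s= value: %s" % (tag, tags[tag]))
    if "p" not in tags:
        problems.append("missing p= policy tag")
    if "pct" in tags and not (re.fullmatch(r"[0-9]{1,3}", tags["pct"])
                              and int(tags["pct"]) <= 100):
        problems.append("pct= must be an integer from 0 to 100")
    # rua is where receivers send aggregate reports back to the domain owner.
    for uri in tags.get("rua", "").split(","):
        if uri.strip() and not uri.strip().lower().startswith("mailto:"):
            problems.append("rua= entry is not a mailto: URI: " + uri.strip())
    return tags, problems

if __name__ == "__main__":
    # Constructed sample records.
    for record in ("v=DMARC1; p=none; rua=mailto:dmarc-reports@example.com",
                   "p=reject; v=DMARC1",
                   "v=DMARC1; p=block; pct=150"):
        print(dmarc_owner_name("example.com"), "|", record, "->",
              parse_dmarc(record)[1] or "OK")
```
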
This is a great resource for all things DMARC, starting with steps on how to publish the record, and this is a wizard to help you test and create those records.
So, why did I say ‘use DMARC with SBS and Office 365’?
Because you want to implement DMARC to evaluate received email, don’t you? I mean, most of these email authentication methods fall flat if the receiver does not implement them.
Unfortunately, Exchange 2010 (SBS 2011) does not support DMARC natively. So you will need to implement, or rather should already be implementing, some kind of anti-spam service or off-site email hygiene service like Exchange Online Protection, Exchange Defender, Trend Micro HES, etc. These services will check DMARC for you.
Office 365 of course builds upon EOP and is already doing these checks for you.
The links below do a much better job of explaining this than I do; I cannot recommend the MSExchange.org links highly enough.
Some more resources:
https://blogs.technet.microsoft.com/eopfieldnotes/2015/02/26/using-dmarc-to-prevent-spoofing/