On Sun, January 18, 2015 20:14, John wrote: > I am not sure about implementing DMARC on my servers. > However, is it worth adding a DMARC record to the DNS? What, if > anything, would it buy us.
Nothing, unless you have somebody to read the reports and the capacity to act on them. All DMARC will tell you is if somebody else is pretending to be you. It does, however, help protect other people from getting fraudulently addressed email claiming to originate from your domain. Services exist that will accept DMARC reports and analyse them for you. I am not sure about the privacy and security implications of that approach. > If we were to add such a record, what would be the "best" setup/set of > parameters be? > If you have people posting though mailing lists then it is likely best that you leave DMARC policy set to none or possibly quarantine. Reject is probably too severe to seriously consider for some time yet; Yahoo, AOL et al. positions on the matter notwithstanding. Be aware that Google will deliver quarantined messages to the Gmail users spam folder. User sending mail from a quarantined DMARC domain through a mailing list will likely have many of their messages disappear when sent to subscribers with Gmail accounts. -- *** E-Mail is NOT a SECURE channel *** James B. Byrne mailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3