Updated Configure DMARC (markdown)

Jean-Denis Vauguet 2020-05-31 05:13:46 +02:00
parent db3b783928
commit baed75f81f
1 changed files with 10 additions and 4 deletions

@ -1,15 +1,21 @@
In `docker-mailserver` DMARC is configured out-of the box and the only thing you need to do is to add new TXT entry to your DNS. In contrast with [DKIM](https://github.com/tomav/docker-mailserver/wiki/Configure-DKIM), DMARC DNS entry does not require any keys but just setting the [configuration values](https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md#overview-of-dmarc-configuration-tags). You can either handcraft the entry by yourself or use one of available generators (like https://dmarcguide.globalcyberalliance.org/).
DMARC Guide: https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md
Typically something like this should be good to start with (don't forget to replace `domain.com` to valid addresses)
## Enabling DMARC
In `docker-mailserver`, DMARC is pre-configured out-of the box. The only thing you need to do in order to enable it, is to add new TXT entry to your DNS.
In contrast with [DKIM](https://github.com/tomav/docker-mailserver/wiki/Configure-DKIM), DMARC DNS entry does not require any keys, but merely setting the [configuration values](https://github.com/internetstandards/toolbox-wiki/blob/master/DMARC-how-to.md#overview-of-dmarc-configuration-tags). You can either handcraft the entry by yourself or use one of available generators (like https://dmarcguide.globalcyberalliance.org/).
Typically something like this should be good to start with (don't forget to replace `@domain.com` to your actual domain)
```
_dmarc.domain.com. IN TXT "v=DMARC1; p=none; rua=mailto:dmarc.report@domain.com; ruf=mailto:dmarc.report@domain.com; sp=none; ri=86400"
```
Or a bit more strict policies (mind `p=quarantine` and `sp=quarantine`)
Or a bit more strict policies (mind `p=quarantine` and `sp=quarantine`):
```
_dmarc IN TXT "v=DMARC1; p=quarantine; rua=mailto:dmarc.report@domain.com; ruf=dmarc.report@domain.com; fo=0; adkim=r; aspf=r; pct=100; rf=afrf; ri=86400; sp=quarantine"
```
DMARC status is not being displayed instantly in Gmail. If you want to check it directly after DNS entries, you can use some services around the Internet such as mentioned https://dmarcguide.globalcyberalliance.org/ or https://ondmarc.redsift.com/. In other case Gmail will show "DMARC: PASS" in ~1 day or so.
DMARC status is not being displayed instantly in Gmail for instance. If you want to check it directly after DNS entries, you can use some services around the Internet such as https://dmarcguide.globalcyberalliance.org/ or https://ondmarc.redsift.com/. In other case, email clients will show "DMARC: PASS" in ~1 day or so.
Reference: [#1511](https://github.com/tomav/docker-mailserver/issues/1511)