Feb 17

Sub-domain Abuse Goes Mainstream


Last week, LinkedIn was the target of a massive, global cyber attack.

The attack came in the form of phishing that looks almost exactly like real LinkedIn address confirmation emails. Only two things differed: Read the rest of this entry »

Aug 16

Too many DNS lookups?

People sometimes run into the "too many DNS lookups" error when rolling out SPF (Sender Policy Framework). It doesn't help that there is a lot of bad guidance on the Internet. This article describes how to fix this issue. Read the rest of this entry »

Jul 16

Published a DMARC record but haven't received any XML Reports?

A common problem many people face when implementing DMARC for the first time is that they are not receiving aggregate XML reports (reports generated for delivery to the rua= tag) in their dmarcian account. These XML reports are the driving force of DMARC. Without them, it's very difficult to get an accurate picture of your domain's usage across the internet.

If you've created a dmarcian account, have published records but have not received data, don't fret! It is typically caused by one (or more) of these three things: Read the rest of this entry »

Jul 16

dmarcian tools are under constant development to make DMARC deployment faster and easier for everyone. This article describes how to best use the tools today. Read the rest of this entry »

May 16

How to publish a DMARC record

Publishing a DMARC record is the first step in deploying DMARC.

To create a DMARC record, use the dmarcian DMARC Wizard.  When you have the text of your DMARC record at your fingertips, follow these steps: Read the rest of this entry »

May 16

How to use Domain Groups

Domain Groups allow dmarcian users to easily group together and manage related domains.  Domain Groups are created using the Mission Control interface.  Domain Groups are typically used to group together domains by: Read the rest of this entry »

Apr 16

SPF-Identified Servers - How and Why

To turn DMARC into something useful to people, dmarcian processes DMARC data using a big pile of rules.  These rules identify sources of email, and dmarcian presents users with DMARC compliance information based on email source.

One identified source of email is called "SPF-Identified Servers", and dmarcian users are often curious as to how data ends up in this source.  How and why this source works is explained below. Read the rest of this entry »

Jan 16

How can you eventually move to a p=reject policy when third parties are unable to send email properly on your behalf?

In many cases, a DMARC compliant SMTP relay server can be used to do the trick. In this article, we’ll explore some of the facets of sending DMARC compliant email from third parties, what to look for, and how common hosted solutions such as Google Apps, Office 365, Amazon Simple Email Service (SES), can be leveraged as SMTP relays. Read the rest of this entry »

Jan 16

SOBOO: Delegation with CNAMEs

Sending On Behalf Of Others:

Sub-Domain Delegation With CNAMEs

This article expands on the "CNAMEs" approach described in the larger How to send DMARC-compliant email on behalf of others article.  An assumption is that the reader is sending email on behalf of others, and desires to send such email in a manner compliant with DMARC. Read the rest of this entry »