Feb 17

Sub-domain Abuse Goes Mainstream


Last week, LinkedIn was the target of a massive, global cyber attack.

The attack came in the form of phishing that looks almost exactly like real LinkedIn address confirmation emails. Only two things differed: Read the rest of this entry »

Jul 16

Published a DMARC record but haven't received any XML Reports?

A common problem many people face when implementing DMARC for the first time is that they are not receiving aggregate XML reports (reports generated for delivery to the rua= tag) in their dmarcian account. These XML reports are the driving force of DMARC. Without them, it's very difficult to get an accurate picture of your domain's usage across the internet.

If you've created a dmarcian account, have published records but have not received data, don't fret! It is typically caused by one (or more) of these three things: Read the rest of this entry »

Jul 16

dmarcian tools are under constant development to make DMARC deployment faster and easier for everyone. This article describes how to best use the tools today. Read the rest of this entry »

May 16

How to publish a DMARC record

Publishing a DMARC record is the first step in deploying DMARC.

To create a DMARC record, use the dmarcian DMARC Wizard.  When you have the text of your DMARC record at your fingertips, follow these steps: Read the rest of this entry »

Jan 16

How can you eventually move to a p=reject policy when third parties are unable to send email properly on your behalf?

In many cases, a DMARC compliant SMTP relay server can be used to do the trick. In this article, we’ll explore some of the facets of sending DMARC compliant email from third parties, what to look for, and how common hosted solutions such as Google Apps, Office 365, Amazon Simple Email Service (SES), can be leveraged as SMTP relays. Read the rest of this entry »

Dec 15

DMARC is a one-time upgrade

DMARC brings tangible benefits to those who deploy it.  In our work to help as many people as possible deploy DMARC, we’ve uncovered an interesting truth.. Read the rest of this entry »

Tags: ,
Dec 15

Policy Modes: Quarantine vs Reject

Domain owners can publish policies that will be applied to email that is not compliant with DMARC:

  • none - which means “take no action, just collect data and send me reports”,
  • quarantine - which means “treat with suspicion”, and
  • reject - which mean “block outright”.

DMARC deployers often ask us: “what’s the difference between quarantine and reject, and what will happen when I publish these policies?”  Understanding what happens when quarantine or reject is published is pretty important! Read the rest of this entry »

Dec 15

As DMARC adoption increases, more people are looking at using DMARC to filter their own email.  We’ve put together this article to outline how to do “DMARC inbound”.

Email is vast and DMARC is still being adopted.  When you start filtering inbound email using DMARC, you’ll discover two important insights: Read the rest of this entry »

Dec 15

Sending other people's email in a DMARC compliant manner can be accomplished in a number of different ways.  This article is intended for Email Service Providers (ESPs) and any business that sends email using their own customer's domains (examples: CRMs, talent management companies, billing systems, etc).

Read the rest of this entry »