Hi Ale, Thanks for your explanation.
I am gathering information to set up DMARC policy for my organisation. I have registered to this list with my personal G Suite account. In my organisation, I have already set up SPF. Recently, few users received a few spoofing email. Therefore, I thought of setting up DMARC. Then I realised that in order to go with DMARC, I have set up DKIM also. If you don't mind please share a place where I could get some guidance on this regard. Thanks Roshan On Wed, May 20, 2020 at 9:04 PM Alessandro Vesely <ves...@tana.it> wrote: > Hi Roshan, > > On Wed 20/May/2020 10:35:28 +0200 Roshan Hiripitiyage wrote: > > > > Thanks for your reply. > > > You're welcome. > > Did you purposely write off-list? > > > > I am referring to G Suite mail. I saw G Suite documentation that "Share > my DKIM > > key with the mail provider so they can add the key to outgoing messages" > Please > > refer to the " DMARC and third-party email providers" section of the > > URL, https://support.google.com/a/answer/2466580. > > > That sentence is incorrect, in the sense that nobody will ever want to add > the > key to outgoing messages. They don't mean themselves as "mail provider". > They > mean that a 3rd party mail provider will sign messages on your behalf. > Some > ESPs do that sort of stuff. Actually, they'd generate their own key pair > and > ask you to publish the public key under your domain. (Public keys are > always > safer to be sent around than private ones.) > > BTW, your key should stay in hiripitiyage.net, not in gappssmtp.com. > > > > Practically, this is not possible. That's why I thought of writing to > you for > > more clarification. > > > Normally, people don't send mail using 3rd party From: domain. Many email > clients don't even allow to change From: on the fly. If you allow your > users > to set any From:, it is their responsibility to choose a From: domain that > doesn't sport a strict DMARC policy. Conversely, they may be able to send > from > a 3rd party's server using From: whate...@hiripitiyage.net depending on > the > policy you set for your domain. > > > Best > Ale > >
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)