Hi there,

I am new to this mailing list but have the challenging task to implement SPF, DKIM and DMARC on Cisco Ironports for two extremely large worldwide companies with 100s of e-mail domains each. To make things more challenging, this has to be done by the end of next week, as we are under heavy spoofing attacks.
So far we have implemented a lot of defensive mail filters on the Ironports to validate domains, friendly names, AV, etc. and are tagging all incoming e-mails so the end user can more easily find them in his inbox under the following structure, with rules doing the work:

Inbox
--Internal
    TO only
    CC
--External
    Primary
    Trusted Partner
    Social (Facebook, LinkedIn etc)
    Public (public mailers)
    Newsletters (tagged)
    Potential SPAM

It is my current understanding that the following order of things should be followed:

a) Publish a DMARC record with a domain to collect feedback
b) Deploy SPF for the mail domains
c) Deploy DKIM for the mail domains
d) Monitor SPF, DKIM and DMARC
e) Implement DMARC policy to quarantine and/or reject

It is my plan to start doing this with 1 or maybe 2 domains to get going.

My questions now:

a) Does this sound like a good plan?
b) In regards to DMARC records you need to specify an e-mail address for replies; can this always be the same e-mail for all 100s of e-mail domains?
c) Did I miss something?

I will be documenting this implementation and am happy to share for interested parties as it involves Notes, Outlook, Cloud, Ironports and much more.

Thank you
Marc
_______________________________________________ dmarc-discuss mailing list dmarc-discuss@dmarc.org http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
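
An added example, not part of the original post: a sketch of step a) of the plan above for many domains at once, generating zone-file TXT records that publish a DMARC policy per rollout stage with one shared aggregate-report mailbox. It also emits the report-authorization records that RFC 7489 section 7.1 has receivers look up when the mailbox sits outside the policy domain's organizational domain. The domain names, the mailbox and the hand-supplied organizational domain are constructed placeholders.

```python
"""Added example: TXT records for a staged DMARC rollout with one shared report mailbox."""

# Constructed sample values (placeholders, not taken from the original post).
REPORT_MAILBOX = "dmarc-reports@reports.example.net"
REPORT_ORG_DOMAIN = "example.net"  # assumption: organizational domain supplied by hand
DOMAINS = ["example.net", "mail.example.net", "example.org", "example.co.uk"]

# DMARC policy per rollout stage: monitor first, enforce later.
STAGES = {"monitor": "none", "quarantine": "quarantine", "reject": "reject"}


def needs_authorization(policy_domain, report_org_domain=REPORT_ORG_DOMAIN):
    """True when reports go outside the policy domain's organizational domain.

    RFC 7489 section 7.1: receivers then look for an authorization record
    in the report domain before sending aggregate reports there.
    """
    d = policy_domain.lower().rstrip(".")
    org = report_org_domain.lower().rstrip(".")
    return not (d == org or d.endswith("." + org))


def dmarc_record(domain, stage, mailbox=REPORT_MAILBOX):
    """TXT record published at _dmarc.<domain> for the given rollout stage."""
    if stage not in STAGES:
        raise ValueError(f"unknown stage {stage!r}")
    value = f"v=DMARC1; p={STAGES[stage]}; rua=mailto:{mailbox}"
    return f'_dmarc.{domain}. IN TXT "{value}"'


def authorization_record(domain, mailbox=REPORT_MAILBOX):
    """TXT record in the mailbox's domain that accepts reports for <domain>."""
    report_host = mailbox.rsplit("@", 1)[1]
    return f'{domain}._report._dmarc.{report_host}. IN TXT "v=DMARC1"'


def rollout_records(domains, stage):
    """Everything to publish for one stage: policy records, then authorizations."""
    policy = [dmarc_record(d, stage) for d in domains]
    auth = [authorization_record(d) for d in domains if needs_authorization(d)]
    return policy + auth


if __name__ == "__main__":
    for line in rollout_records(DOMAINS, "monitor"):
        print(line)
```

Moving a domain from monitoring to enforcement only changes the stage argument; the authorization records stay the same across stages.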