On 2/17/2023 9:27 PM, H wrote: > On February 16, 2023 8:57:49 PM EST, Mark Alley via mailop<mailop@mailop.org> > wrote: >> As long as the organizational domain you want reports for is the same >> as >> you have published in the DMARC RUA/RUF "mailto" tags, then no, you do >> not >> need it to be able to receive said reports. >> >> - Mark Alley >> >> On Thu, Feb 16, 2023, 7:47 PM H<age...@meddatainc.com> wrote: >> >>> On February 16, 2023 6:37:42 PM EST, Mark Alley via mailop < >>> mailop@mailop.org> wrote: >>>> You only need to create that record if you are sending the >>>> aggregate/failure reports for a particular domain that is different >>>> from >>>> the one the reports are actually on behalf of. >>>> >>>> So for example, if you owned domain1.com and wanted to send RUA/RUF >>>> reports >>>> for domain1.com to a mailbox at domain2.com (assuming you own >> domain2), >>>> you >>>> would need to create the TXT record in domain2 - >>>> "domain1.com._report._ >>>> dmarc.domain2.com" IN TXT "v=DMARC1;" >>>> >>>> If you're using an external third party for report analysis, usually >>>> they >>>> have a wildcard published in their DNS for this "_report._dmarc" >>>> subdomain, >>>> so you don't have to worry about it in that case. >>>> >>>> >>>> - Mark Alley >>>> >>>> >>>> On Thu, Feb 16, 2023, 4:14 PM H via mailop<mailop@mailop.org> >> wrote: >>>>> On 02/11/2023 07:42 PM, H wrote: >>>>> >>>>> On 02/11/2023 01:55 AM, Gellner, Oliver via mailop wrote: >>>>> >>>>> >>>>> On 2023-02-11 02:51 H via mailop wrote: >>>>> >>>>> >>>>> On 02/10/2023 10:13 AM, Gellner, Oliver via mailop wrote: >>>>> >>>>> On 2023-02-10 04:08, H via mailop wrote: >>>>> >>>>> I now did find that resource but it is written as general >> information >>>> and does not really tell how to get it going with IONOS if they run >> the >>>> email server... >>>>> As far as I understood you not only use Ionos as your registrar, >> but >>>> also use their email server to send your email through. Ionos does >> not >>>> DKIM sign emails on behalf of its customers, at least they didn't do >> so >>>> in the past. So the answer is simple: You do not set up DKIM or >> DMARC >>>> at all, because you can't. >>>>> The instructions given by Ionos are only valid if your email is >> sent >>>> and signed by some other server and you want to add the DKIM public >> key >>>> to your domain hosted at Ionos. >>>>> -- >>>>> BR Oliver >>>>> >>>>> Thank you, you are starting with the first issue, ie whether I can >>>> even >>>>> have a DKIM record given that the domain is hosted by Ionos as is >> the >>>> mail >>>>> server. Upon my additional research I have come to the same >>>> conclusion as >>>>> you, ie not possible. >>>>> >>>>> By the way, I stumbled across this posting on the net - >>>>> >> https://serverfault.com/questions/1030262/record-dkim-on-ionos-makes-sense >>>>> - that as far as I can tell is still true. >>>>> >>>>> So, I will now look at creating a DMARC record given that I have >>>>> previously created a SPF record and will not be able to have a >> DKIM >>>> record. >>>>> I recommend against setting up a DMARC record with a policy of >>>> quarantine >>>>> or reject as long as DKIM signing isn‘t in place. The SPF >>>> authentication >>>>> will break for all forwarded messages as well as for all automatic >>>> replies >>>>> or non-delivery reports. It will do mire harm than good. >>>>> Of course if you‘re interested in the reporting you can create a >>>> DNARC >>>>> record with a none policy and only change that after you have >> moved >>>> to a >>>>> different email provider who supports DKIM. >>>>> >>>>> — >>>>> BR Oliver >>>>> >>>>> ------------------------------ >>>>> dmTECH GmbH >>>>> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 >> Karlsruhe >>>>> Telefon 0721 5592-2500 Telefax 0721 5592-2777 >>>>> dmt...@dm.de <dmt...@dm.de> *www.dmTECH.de <http://www.dmtech.de> >>>>> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 >>>>> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman Melcher >>>>> ------------------------------ >>>>> Datenschutzrechtliche Informationen >>>>> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an >> unser >>>>> ServiceCenter Fragen haben, bei uns einkaufen oder unser >> dialogicum >>>> in >>>>> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung >> stehen >>>> oder >>>>> sich bei uns bewerben, verarbeiten wir personenbezogene Daten. >>>>> Informationen unter anderem zu den konkreten Datenverarbeitungen, >>>>> Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer >>>>> Datenschutzbeauftragten finden Sie hier >>>>> >>>> < >> https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832> >>>>> . >>>>> >>>>> >>>>> _______________________________________________ >>>>> mailop mailing >>>> listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop >>>>> I see. As I am sure everyone has noticed, I am a complete newbie >> to >>>>> SPF/DKIM/DMARC (and a lot of other things.) >>>>> >>>>> Understanding your message, creating a DMARC with "none" policy >> would >>>> not >>>>> have any downside? When you say "reporting", what type of >> reporting >>>> would >>>>> that be and how could I benefit from such reporting? >>>>> >>>>> I have created a DMARC record and checked that it is correctly set >> up >>>> on a >>>>> DMARC check site. I understand that in order to receive these >> reports >>>> I >>>>> also need to create a EDV record among my domain DNS settings? >>>>> >>>>> Googling around I have not found any clear instructions on how to >> do >>>> so? >>>>> At this time my understanding is that I need to create another TXT >>>> record >>>>> where the host field would contain "mydomain.com._report._ >>>>> dmarc.mydomain.com" and the value field would contain "v=DMARC1". >>>>> Mydomain above would of course be replaced with the actual domain >>>> name. >>>>> Thanks. >>>>> _______________________________________________ >>>>> mailop mailing list >>>>> mailop@mailop.org >>>>> https://list.mailop.org/listinfo/mailop >>>>> >>> Since I will be analyzing the data myself, no third-party involved, I >> do >>> not this type of record, correct? >>> > Thank you for your further clarification. It's up and running and I have > reviewed the first report. > > Besides reviewing the XML files themselves, I have also used one of the > available websites. Even more convenient would be a linux utility to run on > my own computer...
There's several self-hosted options on Github listed here <https://dmarcvendors.com/#Self-Hosted_Solutions>. Alternatively, something like DMARC digests <https://dmarc.postmarkapp.com> might be an easier solution. You just sign up for free, set up the provided RUA endpoint in your DMARC record, and they will send you weekly reports of the authentication metrics for your domain. The weekly digest looks like this below:
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
