On February 18, 2023 9:08:40 AM EST, Mark Alley via mailop <mailop@mailop.org> wrote: >On 2/17/2023 9:27 PM, H wrote: >> On February 16, 2023 8:57:49 PM EST, Mark Alley via >mailop<mailop@mailop.org> wrote: >>> As long as the organizational domain you want reports for is the >same >>> as >>> you have published in the DMARC RUA/RUF "mailto" tags, then no, you >do >>> not >>> need it to be able to receive said reports. >>> >>> - Mark Alley >>> >>> On Thu, Feb 16, 2023, 7:47 PM H<age...@meddatainc.com> wrote: >>> >>>> On February 16, 2023 6:37:42 PM EST, Mark Alley via mailop < >>>> mailop@mailop.org> wrote: >>>>> You only need to create that record if you are sending the >>>>> aggregate/failure reports for a particular domain that is >different >>>>> from >>>>> the one the reports are actually on behalf of. >>>>> >>>>> So for example, if you owned domain1.com and wanted to send >RUA/RUF >>>>> reports >>>>> for domain1.com to a mailbox at domain2.com (assuming you own >>> domain2), >>>>> you >>>>> would need to create the TXT record in domain2 - >>>>> "domain1.com._report._ >>>>> dmarc.domain2.com" IN TXT "v=DMARC1;" >>>>> >>>>> If you're using an external third party for report analysis, >usually >>>>> they >>>>> have a wildcard published in their DNS for this "_report._dmarc" >>>>> subdomain, >>>>> so you don't have to worry about it in that case. >>>>> >>>>> >>>>> - Mark Alley >>>>> >>>>> >>>>> On Thu, Feb 16, 2023, 4:14 PM H via mailop<mailop@mailop.org> >>> wrote: >>>>>> On 02/11/2023 07:42 PM, H wrote: >>>>>> >>>>>> On 02/11/2023 01:55 AM, Gellner, Oliver via mailop wrote: >>>>>> >>>>>> >>>>>> On 2023-02-11 02:51 H via mailop wrote: >>>>>> >>>>>> >>>>>> On 02/10/2023 10:13 AM, Gellner, Oliver via mailop wrote: >>>>>> >>>>>> On 2023-02-10 04:08, H via mailop wrote: >>>>>> >>>>>> I now did find that resource but it is written as general >>> information >>>>> and does not really tell how to get it going with IONOS if they >run >>> the >>>>> email server... >>>>>> As far as I understood you not only use Ionos as your registrar, >>> but >>>>> also use their email server to send your email through. Ionos does >>> not >>>>> DKIM sign emails on behalf of its customers, at least they didn't >do >>> so >>>>> in the past. So the answer is simple: You do not set up DKIM or >>> DMARC >>>>> at all, because you can't. >>>>>> The instructions given by Ionos are only valid if your email is >>> sent >>>>> and signed by some other server and you want to add the DKIM >public >>> key >>>>> to your domain hosted at Ionos. >>>>>> -- >>>>>> BR Oliver >>>>>> >>>>>> Thank you, you are starting with the first issue, ie whether I >can >>>>> even >>>>>> have a DKIM record given that the domain is hosted by Ionos as is >>> the >>>>> mail >>>>>> server. Upon my additional research I have come to the same >>>>> conclusion as >>>>>> you, ie not possible. >>>>>> >>>>>> By the way, I stumbled across this posting on the net - >>>>>> >>> >https://serverfault.com/questions/1030262/record-dkim-on-ionos-makes-sense >>>>>> - that as far as I can tell is still true. >>>>>> >>>>>> So, I will now look at creating a DMARC record given that I have >>>>>> previously created a SPF record and will not be able to have a >>> DKIM >>>>> record. >>>>>> I recommend against setting up a DMARC record with a policy of >>>>> quarantine >>>>>> or reject as long as DKIM signing isn‘t in place. The SPF >>>>> authentication >>>>>> will break for all forwarded messages as well as for all >automatic >>>>> replies >>>>>> or non-delivery reports. It will do mire harm than good. >>>>>> Of course if you‘re interested in the reporting you can create a >>>>> DNARC >>>>>> record with a none policy and only change that after you have >>> moved >>>>> to a >>>>>> different email provider who supports DKIM. >>>>>> >>>>>> — >>>>>> BR Oliver >>>>>> >>>>>> ------------------------------ >>>>>> dmTECH GmbH >>>>>> Am dm-Platz 1, 76227 Karlsruhe * Postfach 10 02 34, 76232 >>> Karlsruhe >>>>>> Telefon 0721 5592-2500 Telefax 0721 5592-2777 >>>>>> dmt...@dm.de <dmt...@dm.de> *www.dmTECH.de ><http://www.dmtech.de> >>>>>> GmbH: Sitz Karlsruhe, Registergericht Mannheim, HRB 104927 >>>>>> Geschäftsführer: Christoph Werner, Martin Dallmeier, Roman >Melcher >>>>>> ------------------------------ >>>>>> Datenschutzrechtliche Informationen >>>>>> Wenn Sie mit uns in Kontakt treten, beispielsweise wenn Sie an >>> unser >>>>>> ServiceCenter Fragen haben, bei uns einkaufen oder unser >>> dialogicum >>>>> in >>>>>> Karlsruhe besuchen, mit uns in einer geschäftlichen Verbindung >>> stehen >>>>> oder >>>>>> sich bei uns bewerben, verarbeiten wir personenbezogene Daten. >>>>>> Informationen unter anderem zu den konkreten Datenverarbeitungen, >>>>>> Löschfristen, Ihren Rechten sowie die Kontaktdaten unserer >>>>>> Datenschutzbeauftragten finden Sie hier >>>>>> >>>>> < >>> >https://www.dm.de/datenschutzerklaerung-kommunikation-mit-externen-493832> >>>>>> . >>>>>> >>>>>> >>>>>> _______________________________________________ >>>>>> mailop mailing >>>>> listmailop@mailop.orghttps://list.mailop.org/listinfo/mailop >>>>>> I see. As I am sure everyone has noticed, I am a complete newbie >>> to >>>>>> SPF/DKIM/DMARC (and a lot of other things.) >>>>>> >>>>>> Understanding your message, creating a DMARC with "none" policy >>> would >>>>> not >>>>>> have any downside? When you say "reporting", what type of >>> reporting >>>>> would >>>>>> that be and how could I benefit from such reporting? >>>>>> >>>>>> I have created a DMARC record and checked that it is correctly >set >>> up >>>>> on a >>>>>> DMARC check site. I understand that in order to receive these >>> reports >>>>> I >>>>>> also need to create a EDV record among my domain DNS settings? >>>>>> >>>>>> Googling around I have not found any clear instructions on how to >>> do >>>>> so? >>>>>> At this time my understanding is that I need to create another >TXT >>>>> record >>>>>> where the host field would contain "mydomain.com._report._ >>>>>> dmarc.mydomain.com" and the value field would contain "v=DMARC1". >>>>>> Mydomain above would of course be replaced with the actual domain >>>>> name. >>>>>> Thanks. >>>>>> _______________________________________________ >>>>>> mailop mailing list >>>>>> mailop@mailop.org >>>>>> https://list.mailop.org/listinfo/mailop >>>>>> >>>> Since I will be analyzing the data myself, no third-party involved, >I >>> do >>>> not this type of record, correct? >>>> >> Thank you for your further clarification. It's up and running and I >have reviewed the first report. >> >> Besides reviewing the XML files themselves, I have also used one of >the available websites. Even more convenient would be a linux utility >to run on my own computer... > >There's several self-hosted options on Github listed here ><https://dmarcvendors.com/#Self-Hosted_Solutions>. > >Alternatively, something like DMARC digests ><https://dmarc.postmarkapp.com> might be an easier solution. You just >sign up for free, set up the provided RUA endpoint in your DMARC >record, and they will send you weekly reports of the authentication >metrics for your domain. The weekly digest looks like this below:
Noted, thanks. If anyone has a favorite among the GitHub offerings, that would be great to hear! _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop
