2

People,

Using the website: https://easydmarc.com/tools/dmarc-lookup?domain=name.com

I got this error:

DMARC record is valid, but your domain's None/Quarantine policy does not yet protect it against email spoofing and phishing.

What does it mean and how can I fix the above issue? Do I must manually check the mailbox [email protected] and then decide if it is legitimate or actual spam/spoof emails?

1
  • 3
    Strictly speaking, a valid policy wouldn't completely protect you, too. It is up to receiver to decide whether they will check those policies, validate DKIM signatures, check SPF. They may choose not to filter any spam at all, and receive forged mails with your domain specified as a source, and you can do nothing about that. Commented Jul 27, 2022 at 3:47

1 Answer 1

5

It is not an error, but a common step while working towards stronger methods of protecting against spoofing. The warning reminds you that your published record, while still useful to opt into receiving reports, is not asking recipients to act on a more restrictive policy yet.

It is perfectly fine to continue with that record until you have gathered enough data to confidently request enforcement. At some point you probably want to change your policy to p=reject. The decision you are making depends less on how much spoofed mail you see, but more specifically on whether you know that all legitimate senders for that domain are known to you and correctly configured to appear authorized to recipients.

If you actually send significant mail volume for that domain from multiple systems, you probably do not want to read the incoming reports yourself, but have them sent towards some automated processing/visualization/notification system. The site you linked does offer such system as a commercial service, multiple such services exist and usually work by buying a subscription and configuring them or forwarding to them as the report target.

1

You must log in to answer this question.

Not the answer you're looking for? Browse other questions tagged .