DMARC for hosted email domain

Discussion in 'Installation/Configuration' started by electronico_nc, Nov 15, 2018.

  1. Hi all,
    (ISPConfig 3.1.13)
    (first DMARC experience)
    So I'm trying to set up DMARC (after SPF and DKIM) to get emails to reach their destination.
    I've tried on one hosted domain, where I have only put the host admin email in the 'rua' and 'ruf' fields.
    So DNS TXT generated looks like :
    Code:
    _dmarc.hosted_domain.tld.
    Code:
    v=DMARC1; p=none; rua=mailto:[email protected]_domain.tld; ruf=mailto:[email protected]_domain.tld
    But while checking for the DMARC records (OK) I'm told :
    Code:
    DMARC External Validation                       External Domains in your DMARC are not giving permission for your reports to be sent to them.
    Despite having read the dmarc.org information, I don't understand how to allow DMARC reports from the hosted domain to be sent to the host domain.
    Thanks in advance for your lights !
     
  2. florian030 (ISPConfig Developer)

    https://dmarc.org/2015/08/receiving-dmarc-reports-outside-your-domain/

    External Reporting Authorization Records
    Under these rules, if the operators of example.com wanted to receive their aggregate reports at [email protected], they would include this rua tag in their DMARC record:

    [email protected]
    When a report generator has an aggregate report to send to example.com, it will consult example.com's DMARC record and extract the address above. Since the domain in that address is not example.com or its organizational domain, it would have to make an authorization check first. It would take the domain the report is for (example.com), and the domain that the rua field references (otherdomain.com), and construct a new name like this:

    example.com._report._dmarc.otherdomain.com
    The report generator would then look that name up in DNS. If the domain operator for otherdomain.com has published a DNS record at that name with the contents “v=DMARC1”, then the report generator may send reports for example.com to an email address at otherdomain.com.
     
    Jesse Norell and electronico_nc like this.
  3. Thanks a lot Florian !
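
Added example (not part of the thread, and not ISPConfig or dmarc.org code): a Python sketch of the authorization check quoted by florian030, listing the `_report._dmarc` names the receiving domain has to publish and testing whether they exist. The domains, the record, the `lookup_txt` callable and the `org_domain` parameter are constructed assumptions, and the same-organization test is a plain suffix comparison rather than a Public Suffix List lookup.

```python
# Constructed sample data: a hosted domain reporting to its hosting provider.
RECORD = ("v=DMARC1; p=none; rua=mailto:dmarc@host.example!10m; "
          "ruf=mailto:dmarc@host.example,mailto:local@hosted.example")
ZONE = {"hosted.example._report._dmarc.host.example": ['"v=DMARC1"']}

def parse_tags(record):
    """Split a DMARC TXT value into a {tag: value} dict."""
    tags = {}
    for part in record.strip().strip('"').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def report_hosts(record):
    """Return the mail domains named by mailto: URIs in rua and ruf."""
    tags, hosts = parse_tags(record), set()
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip().split("!")[0]  # drop optional !size suffix
            if uri.lower().startswith("mailto:") and "@" in uri:
                hosts.add(uri.rsplit("@", 1)[1].lower().rstrip("."))
    return hosts

def authorization_names(policy_domain, record, org_domain=None):
    """Map each external report host to the DNS name that must exist."""
    policy_domain = policy_domain.lower().rstrip(".")
    # Assumption: caller supplies the organizational domain if it differs.
    org = (org_domain or policy_domain).lower().rstrip(".")
    names = {}
    for host in sorted(report_hosts(record)):
        if host != org and not host.endswith("." + org):
            names[host] = f"{policy_domain}._report._dmarc.{host}"
    return names

def check(policy_domain, record, lookup_txt, org_domain=None):
    """Return {name: True/False}: is a v=DMARC1 TXT published there?"""
    names = authorization_names(policy_domain, record, org_domain)
    return {name: any(parse_tags(txt).get("v") == "DMARC1"
                      for txt in lookup_txt(name))
            for name in names.values()}

if __name__ == "__main__":
    for name, ok in check("hosted.example", RECORD,
                          lambda n: ZONE.get(n, [])).items():
        print(("authorized  " if ok else "MISSING TXT ") + name)
```

Replace the lambda with a real TXT lookup to audit live domains; every name reported as missing needs a TXT record containing `v=DMARC1` in the zone of the domain that receives the reports.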
     
