I’m trying to work out if I need to do this… I don’t see a setting in Virtualmin UI for doing this automatically (for either existing or new virtual servers), but I’ve seen instructions for putting the entry in the DNS Zone manually. I know that my domains have working SPF/DKIM, and when I ran a test from this site,
It concludes saying DMARC isn’t setup, but as I have valid SPF/DKIM DMARC gets a pass. If this is a generally accepted standard, then I guess I don’t need to setup anything manually, or is it still better practice to do so?
This is the entry I’ve seen recommended,
_dmarc.mydomain.com. IN TXT "V=DMARC1; p=none; fo:1; "
But I also came across this article,
It seems to suggest there is a place I can set DMARC settings, but I haven’t been able to find it. I’m also a little confused about the quarantine references… isn’t DMARC about getting a better sending rep, so I don’t know what could/should be quarantined… I don’t want to make things different/difficult for email users.
p=none means your letting all emails through using your domain including spammers, its usually done for testing and to make sure SPF and DKIM are setup correctly.
My default setting is v=DMARC1;p=quarantine;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;ruf=mailto:myuser@domain.com
You should be getting a report sent to your email when setting up to see if everything is correct so a simple v=DMARC1;p=quarantine;rua=mailto:you@domain.com
might be better if you think spf and dkim are correct, rau you should get a daily email from the likes of gmail and yahoo if emails are sent to them using your domain.
Are you using virtuamin for dns? Or is it external
virtualmin will set the dmarc for you in the dns settings, email go to the postmaster of your domain.
This is excellent! Exactly what I needed to get a better (and correct!) idea of what these systems offered/required.
A quick question you may know the answer to - when I am specifying the rua/ruf addresses for DMARC, do these have to be on the same domain, or can I use any email address? If any, then I’ll create a central account I can have all domains send to so I can monitor everything together. Thankfully, none of the domains are heavy mail users!
Yes, I am using Virtualmin for DNS for these domains.
I found the dmarc settings as you described in your image. They were set the same as your example. Is this a server wide default, or specific to each virtual server?
I removed the the example DMARC entry I had manually created, but I don’t see any entry in the zone file generated from the settings under DNS settings… Do I need to do something so it creates the entry?
When I now do the learndmarc test, it doesn’t detect a _dmarc policy (which I guess is correct, as there isn’t an entry in the Zone file).
So before I create an entry manually based of your example above, I thought I would check in case I just need to do something to activate the current settings.
It may be that when I next create a virtual server it is done automatically for me now.
