DKIM is a way to authenticate a message by signing domain; it doesn't tell you which domain should sign this message or what you should do if the message is not signed. DMARC does not replace DKIM, it uses DKIM and SPF as authentication mechanisms. DMARC is a way to publish an authentication policy for your domain. So it:

1. DMARC checks alignment. It means that for DKIM-DMARC to pass, the domain used in the DKIM signature must be aligned with the domain used in the RFC5322.From field. So, DMARC protects you from spoofing, while DKIM doesn't. You can sign messages with an "example.org" From: with "spammer.com" DKIM, and it is a valid DKIM signature, but it does not pass DMARC checks.
2. DMARC instructs recipients what to do if messages do not pass DMARC authentication (that is, they don't have DKIM or SPF authentication aligned with the From: header). DKIM doesn't tell you what to do if a message is not DKIM-signed or the signature is invalid. DMARC does. You can specify a strict DMARC policy to reject or quarantine (put into the Spam folder) a message if it fails authentication.
3. DMARC publishes reporting policies.

Eric Tykwinski wrote:
> So I’ve seen on here, people seem to be pushing for DMARC, but
> honestly what is the difference between DMARC and just using DKIM for
> end users. IMHO, if the message is signed with DKIM, sending reports
> for DMARC matters little besides knowing that someone is spamming with
> your domain. I’m sure this happens a lot for free domains
> like gmail.com <http://gmail.com>, outlook.com <http://outlook.com>,
> et al, so is there really much of an advantage?
>
> I understand the idea of sending DMARC reports sounds great, but I
> don’t think any of our business servers support it as of yet, but I’ll
> definitely be asking vendors...
>
> Sincerely,
>
> Eric Tykwinski
> TrueNet, Inc.
> P: 610-429-8300
>
>
> _______________________________________________
> mailop mailing list
> mailop@mailop.org
> https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop

-- 
Vladimir Dubrovin
@Mail.Ru
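
An added example, not part of the original message: a minimal Python sketch of the alignment check and policy disposition described in points 1 and 2 above, following RFC 7489. The function names and the tiny suffix set are assumptions made for illustration (real verifiers use the Public Suffix List), and the `sp=` and `pct=` tags are not handled.

```python
# Added illustration of DMARC identifier alignment (RFC 7489); hypothetical helper names.
PUBLIC_SUFFIXES = {"com", "org", "net", "co.uk"}  # constructed sample, not the real PSL


def org_domain(domain):
    """Return the organizational domain: longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when the suffix is not in the sample set


def parse_dmarc(record):
    """Parse a record such as 'v=DMARC1; p=reject; adkim=s' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record")
    return tags


def aligned(from_domain, auth_domain, mode):
    """mode 's' is strict (exact match); 'r' is relaxed (same organizational domain)."""
    a, b = from_domain.lower(), auth_domain.lower()
    return a == b if mode == "s" else org_domain(a) == org_domain(b)


def dmarc_disposition(from_domain, record, dkim_pass_domains=(), spf_pass_domain=None):
    """Return 'pass', or the published policy action when nothing aligned passes.

    dkim_pass_domains: d= values of DKIM signatures that verified.
    spf_pass_domain: RFC5321.MailFrom domain if SPF passed, else None.
    """
    tags = parse_dmarc(record)
    dkim_ok = any(aligned(from_domain, d, tags.get("adkim", "r"))
                  for d in dkim_pass_domains)
    spf_ok = spf_pass_domain is not None and aligned(
        from_domain, spf_pass_domain, tags.get("aspf", "r"))
    # Simplification: a record without p= is treated as p=none.
    return "pass" if dkim_ok or spf_ok else tags.get("p", "none")
```

A valid DKIM signature with `d=spammer.com` on a message whose From: is `example.org` yields the domain's published action here, while a signature from `mail.example.org` passes under relaxed alignment and fails under `adkim=s`.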