Note with DMARC, you need to set the policy directive to either "reject" or "quarantine" if you want something done with the emails. If you leave it as "none", the emails will still go through once the evaluation is done.
Also, you MUST have both DKIM and SPF set up for the domain before you set up DMARC. For SPF and DKIM you can also set the alignment for the domain, with "relaxed" meaning it will do a partial match of the domain name, which will allow something like "mail.example.com" to match "example.com" or "strict" meaning it can only match the exact domain. If you only send email with a single version of your domain name, then you should use strict. My DMARC record is as follows: _dmarc IN TXT "v=DMARC1;p=reject;rua=mailto:[email protected];aspf=s;fo=1;ruf=mailto:[email protected];"; As you can see I am stating the version ("v") which is required, the policy ("p") which is required, the SPF alignment mode ("aspf"), the email address to send reports to, and the failure reporting options as to what level of failure needs to be reached before a report is sent ("fo"). Policy is usually set as "none" when you first set up DMARC so you can read the reports that come in and make sure you will not get rejected from various servers. Once you see that your emails are showing up as passing for places like Google and Yahoo, you know you are fine and can then set your policy to "reject" or "quarantine". I have mine set to "reject" now, so if you had that set for YOUR DMARC, then Google would reject any email explicitly not allowed by your DNS settings to be sent using your domain as the "from" or "return-path" sender. If you use "quarantine", then the emails would probably still deliver, but be put in the junk/spam folder automatically. If you use "reject", the emails are rejected at the SMTP level - they bounce immediately at the handshake. I still get DMARC reports sent to me just so I can check them every once in a while and make sure I'm not seeing any rejections from my own mailserver. If I'm seeing rejections from OTHER mailservers that I haven't explicitly authorized to send email on my domain's behalf, then that means those mailservers parse DMARC and pass/fail/reject emails based on the DMARC record. Hope that helps some for any emails going out to other servers and services. I'm thinking you were saying your issue was you were receiving spoofed senders for you OWN domains though, so if that's the case, then a DMARC record wouldn't help you unless YOUR server was checking DMARC. I don't know how to set up qmail to TEST for DMARC, so my own server doesn't test incoming emails, so I can't help there.... While I see in my maillog where I'm getting emails sent "from" my own domain as spoofed senders, 99% of the time those emails get blocked from delivery by a bad reverse DNS and I never actually see them in my mailbox. Jaime From: Miguel Angel Amable Ventura <[email protected]> Reply-To: <[email protected]> Date: Friday, August 28, 2020 at 10:02 AM To: <[email protected]> Subject: Re: [qmailtoaster] spoofing display name Hi Chandran Are you sure the emails are spoofed? Or they are comming from your own server? Greetings! El 28/08/2020 a las 03:12 a. m., ChandranManikandan escribió: Hi Guys, As you advised, I have already configured SPF,DAMAR on my dns server, but still spam emails received from my domain name or my email address. I have done default score hits 5. Now less spam emails are received. On Fri, Aug 28, 2020 at 4:07 PM ChandranManikandan <[email protected]> wrote: Hi Eric, Any possible ways to block unauthenticated those emails. On Thu, Aug 27, 2020 at 7:01 PM Eric Broch <[email protected]> wrote: I'm not sure how to help you guys with this. Have you thought about asking on the spamdyke or spamassassin mailing lists? On 8/27/2020 3:56 AM, ChandranManikandan wrote: Hi Tahnan, Am also facing a similar problem, and I am running both spamdyke & spamassassin. is there any misconfiguration on my server and any tighten the rule. I Appreciate anyone helping me. On Sat, Aug 22, 2020 at 8:28 PM Tahnan Al Anas <[email protected]> wrote: Dear Eric, Recently I have observed all of my servers getting spoofed display name spam mail. Which mean someone spoofing my user display name only and sending lots of spam which my user thinking came from their boss or someone important in the organization. Is there any rule which can stop spoof display name spam in spamassasine? -- -- Best Regards Muhammad Tahnan Al Anas -- Regards, Manikandan.C -- Regards, Manikandan.C -- Regards, Manikandan.C
