60

DMARC on by default


Avatar
Infra Blocks

DMARC can be used to reduce the spam score for mails coming from the domain. If SPF is set and DKIM is enabled DMARC combines these 2 to strengthen the security of sending mails.

We would like to enable a default DMARC record in DirectAdmin without any active policy or reporting to give the user the insight that he can configure his DMARC record without any modification from the hosting provider.

A suggested default value:.

“v=DMARC1; p=none; sp=none”

With a link to the DirectAdmin docs to enable reporting, quarantaine and reject policies.

A

Activity Newest / Oldest

Avatar

Jarland Donnell

I think this is better done with DNS templates: docs.directadmin.com/other-hosting-services/dns/general.html

Putting it in custom/dns_txt.conf should handle it.


Avatar

fln

Status changed to: Open

Avatar

Gedas

Status changed to: Under review

Avatar

Hosted Power

The default you suggest doesn't do much, you could keep not having a dmarc then.

Our default recommendation would be at the very least:

v=DMARC1; p=reject; aspf=s;

Still no reporting, but at least it would enforce spf as it should.

Would be nice the default dmarc could just be configured of course :)


S

Steve Arbour

I would like to add that, auto-replies, and vacation message should be sent from the hostname than a virtual exim user belong too, and not the server hostname, because it is a constant cause of why DMARC fail with auto-replies/vacation message, which, if DMARC was enabled by default, could have impact, but I agree it need to be on by default, possibly in strict mode too


  • Avatar