Excellent! Your explanation demystified this setup that's been eluding me for a week. By pausing your video as I went, I was able to set up the DMARC record and validate it. The first validation failed due to a syntax error, which was a missing semicolon at the end. One additional suggestion I'd make is to check the "raw" DMARC code in the record created. The optional tags I didn't specify were set to "relaxed" rather than "strict", which didn't appear until I checked the raw coding. The "raw" coding included the default settings I didn't specify, which is where the issues were found.
When I add these for my Google Domain, it knocks my site offline. I can see using a tool that the SPF, DKIM, DMARC are all set up correctly - but the nameserver settings for my website aren't working. However, when I prioritize my name servers, then my Workspace email settings don't work properly. Any ideas on what I could be doing wrong? A bit more info - my registrar is Google Domains and my web host is through Wix, using their name servers. Previously, I was using custom name servers (in Google DNS settings) but to set up my Workspace properly (also through Google) I used default name servers. Using default, I don't see an option (or don't properly understand) how to set up the name servers there. When I try I get an error, "cannot change ns records on the root domain with google domains name servers.". Any pointers?
Hi, it is not clear why/how someone could bypass a domain's SPF protection and how DMARC will fix that? Because DMARC is more to get reports and notifications when someone tries to send on your domain name?
Does anyone know why companies hardly set these records up and, when confronted with it, seem not to care? Even IT professionals seem not to care about their protection.
I was looking to see if you made that video for setting up DKIM but could not find it. I host my own mail server (Mercury Mail) and I found myself needing to configure this but with great difficulty. I really don't have any hair left to pull out lol
This is a great and very informative video. I have one problem/question though regarding the DMARC enforcement. You said set it to restrict, but my concern is that if someone in my organization sends an email from home rather than the office the message would be rejected by the recipient. Our SPF is set for Office365, plus some static IPs we have for our offices, so emails sent from home or a mobile device may fail with this setting on, correct?
No, it will be fine. The user's client wherever they are based will connect to your O365 mail infrastructure which will send the email on the client's behalf. Clients never send mail directly; the email is passed from client to mail server and then off to the internet to another mail server until it gets to its destination.
Thank you for the clear explanation. You said DKIM must be configured for DMARC to work; however, what I understood from my research is that you only need either SPF or DKIM (or both, of course) for DMARC to work, but not necessarily both. What's your input on that?
That's correct, either SPF or DKIM should be aligned for DMARC to pass. However, to improve the deliverability rate, it's better to have both. Also consider that only DKIM alignment will survive when email is forwarded.
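
An added example, not from the video or from any commenter, that works through two points raised in this thread: `adkim`/`aspf` tags left out of a DMARC record default to relaxed, and DMARC passes when either SPF or DKIM is aligned with the From domain. Assumptions: the organizational domain is approximated as the last two labels (a real evaluator uses the Public Suffix List), and all domains, the record and the authentication results are constructed.

```python
# Added example: DMARC record defaults and the "SPF or DKIM aligned" rule.
# Domains, the record and the authentication results are constructed sample data.

DEFAULTS = {"adkim": "r", "aspf": "r", "pct": "100"}  # RFC 7489 defaults

def parse_dmarc(txt):
    """Parse a DMARC TXT value into a tag dict, filling in protocol defaults."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record: v=DMARC1 and p= are required")
    return {**DEFAULTS, **tags}

def org_domain(domain):
    # Assumption: last two labels; real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') an org-domain match."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_result(record, from_domain, spf_pass, spf_domain, dkim_pass, dkim_domain):
    """Return 'pass', or the policy (none/quarantine/reject) that applies."""
    policy = parse_dmarc(record)
    spf_ok = spf_pass and aligned(spf_domain, from_domain, policy["aspf"])
    dkim_ok = dkim_pass and aligned(dkim_domain, from_domain, policy["adkim"])
    return "pass" if (spf_ok or dkim_ok) else policy["p"]

RECORD = "v=DMARC1; p=reject; rua=mailto:dmarc@example.com"  # constructed

if __name__ == "__main__":
    print(parse_dmarc(RECORD))  # adkim/aspf appear, filled in as relaxed
    # Forwarded mail: SPF fails at the forwarder, the DKIM signature survives.
    print(dmarc_result(RECORD, "example.com", False, "fwd.example.net",
                       True, "mail.example.com"))
    # SPF passes for an unrelated envelope domain, so it is not aligned.
    print(dmarc_result(RECORD, "example.com", True, "other.example.net",
                       False, ""))
```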