Using DMARC with Small Business Server or Office 365
January 4, 2017 Leave a comment
The title is a bit misleading, so lets just acknowledge that straight away. Publishing DMARC is not related to the system you use to host your email. In the same way that SPF is not related to the system that you use to host your email.
As part of my day job I deal with several large organisations, who, for various reasons have not moved their email infrastructure to the cloud. As part of this, I have the unenviable and thankless task of trying to prevent spam, and guarantee deliver-ability of their sent mail.
It really does stagger me that so many organisations still, to this day, do not implement things like SPF, let alone use DMARC.
DMARC provides an extra layer of protection beyond SPF or DKIM. It also includes the ability for the recipient system to report back to the sending domain.
Anyway the point of this post was to highlight DMARC, the ease of configuration and hopefully point you to the right information quickly.
With that in mind here are the key pieces of information.
- DMARC is a TXT Type DNS Record
- The HOST name should be _dmarc
- The Value must start v=DMARC1
If you can follow those pieces of information, you will have no trouble enabling it.
So, why did I say ‘use dmarc with SBS and Office 365’ ?
Because, you want to implement DMARC to evaluate received email, don’t you?. I mean, most of these email authentication methods fall down flat if the receiver does not implement them.
Unfortunately Exchange 2010 (SBS 2011) does not support DMARC natively. So you will need to implement, or rather should already be implementing some kind of Anti Spam Service or off site Email Hygiene service like Exchange Online Protection, Exchange Defender, Trend Micro HES etc. These services will check DMARC for you.
Office 365 of course builds upon EOP and is already doing these checks for you.
The links below do a much better job of explaining this than i do, i cannot reccomend the MSExchange.org links highly enough.
Some more resources: