DMARC, which stands for "Domain-based Message Authentication, Reporting & Conformance", is a technical specification created by a group of organizations that want to help reduce the potential for email-based abuse by solving a couple of long-standing operational, deployment, and reporting issues related to email authentication protocols.
Paul Bargewell commented
We're facing changes within Gov't services that means the probable removal of the secure intranet service and a move to deploying services internet. The guidance requires us to enable DMARC to handle our mail systems.
So far SPF and DKIM are services we make great use of, but without DMARC it may see a migration from Sophos to something else. So adding this feature is going to be a big requirement for us and Gov't services alike.
We would like to have the reporting option to senders in our Sophos E-Mail Appliance.
James Brown commented
Bob, I think the real advantage of DMARC is that the sender gets a report so that he knows what's happening.
This is what the receiving mail server needs to do (or Proxy in Astaro's case). Ie if Astaro detects a phishing email, then a report gets sent to the address in the sending domain's DMARC DNS record.
That's my understanding anyway.
Steve Gibson did a podcast on it for more info. See http://www.grc.com/sn/sn-353.pdf from page 15 onwards.
Bob Alfson commented
That's interesting, Ronny. My first impression is that the Astaro SMTP Proxy already does all of this, but I admit that I only spent about 20 minutes reading the specification. It seems that some new parameters (like aspf instead of using +-~- in spf) add complexity while duplicating existing tools. Thinking about the emails I've seen get past the Astaro Proxy, I don't think there's anything in DMARC that would have blocked/quarantined them.
I love to play with new toys! Can you tell us what specific changes you would recommend for Astaro?
Cheers - Bob