Our University has implemented DMARC for email authentication, what do I need to do to get my Emma Mail distributions passing DMARC?

  • 0
  • 1
  • Question
  • Updated 2 years ago
  • Answered
Archived and Closed

This conversation is no longer open for comments or replies and is no longer visible to community members.

DMARC email authentication
Photo of Sarah

Sarah

  • 1 Post
  • 0 Reply Likes

Posted 2 years ago

  • 0
  • 1
Photo of DeAndre Courtney

DeAndre Courtney, Employee

  • 20 Posts
  • 1 Reply Like
Hey Sarah,

DeAndre from Emma Support here!

Emma is not currently set up to support DMARC for customers. Using a domain with DMARC implemented will result in message failures for any receiving domains that check for DMARC records (so, most of them). The reason we can't support DMARC is that we do not support using DKIM keys specific to each customer. We don't have a good way to store those keys currently and the methodology for storing and using them doesn't exist in the app ... and it might not for some time. That being said, there are two options our delivery team recommends:

  1. You can stop using DMARC. This works best in cases where you haven't implemented DMARC consciously, but maybe did it just because it popped up as an option. It's less compelling when your security team sees it as a necessary measure to secure email communications.

  2. You could add "sp=none" to their DMARC record, then start using a subdomain when sending from Emma (i.e. -- emma.domain.com). The "sp" part says that any subdomains of the domain do not use the top level DMARC settings, but rather have their own that take precedence. You could create a DMARC record for the subdomain emma.domain.com with "p=none" instructing receiving domains to take NO action should DMARC authentication not align and this would effectively end the bounce issue.

Please let me know if you have any additional questions here.

Cheers!
Photo of henrik

henrik

  • 1 Post
  • 0 Reply Likes
Adding a subdomain policy of none with sp=none, would be an invite to the criminals just to pick a random subdomain when they want to spoof the university's email.
Photo of DeAndre Courtney

DeAndre Courtney, Employee

  • 20 Posts
  • 1 Reply Like
Hey Henrik,

I definitely understand the concern that you have, but  you don't have to use sp=none. It just helps eliminate the chance of a breakdown in the workaround as our delivery experts have informed me. Please let me know if you have any additional questions here.

Cheers!