Educause Security Discussion mailing list archives

Re: DMARC Deployment

From: Brian Epstein <bepstein () IAS EDU>
Date: Wed, 21 Oct 2015 10:30:07 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Alex,

I haven't deployed DMARC, yet, for the IAS, however, I have deployed
it for 5 other organizations that I am a part of.  In its first phase,
I have made all the DMARC and SPF settings pretty forgiving and am
collecting reports from domains to see how my users are doing.

Once I gather a few months of details, I'll be in a better position to
write better SPF records.  I'm always amazed at the number of
legitimate third party places that need to send emails as my domain.

After identifying those places, I'll probably start locking it down
and asking mail servers to start denying email from places not in my
SPF records.

So, I definitely suggest adding the ruf= stanza to the DMARC record
for the trial period at least.

Once I'm more comfortable with these other organizations, I'll start
the same process for ias.edu.

Thanks,
ep

On 10/20/2015 05:07 PM, Alexandre Adao wrote:

Hello,

Has anyone deployed  DMARC (Domain-based Message Authentication, 
Reporting & Conformance)  in your email domain? Thanks,

--Alex Adao  ======================================== Alexandre
Magno Adão Morgan State University - CGW 300k Network Services
Manager/Interim CISO Planning & Information Technology 
443-443-885-4415 Office 443-803-3154 Cell <http://www.morgan.edu>




- -- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Manager, Network and Security           Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWJ6FvAAoJEMDlJEpVyit4M54P/AkzxWMRj0F2vC0fs5eRODL6
UMrYcEyrKN5L3QjKlDTyqxcTe36IkuBmMJv8Gay6ZOdw8dzSd2t+kSwrdPQtp7Pn
b8k009pHqGZTODYk/OKi3QL+4WtqClK2D4QnYFDGMrAHjImIcRv8A8wuu4bKH29v
kXmwlXtqjHJT7B04PhsuCom/w1fEMKLb5OPXiUfnMTKx5kQM/uGziGJYjgc97nSr
++AlkNO3sPsrKCL19SpIy+ihTQfwhCXDHUVk8Mm2iCGfSP6zn3cWTSSAoAGv0S7u
lEcK7+TSrfmUCSBSvrR1ffz2X9hSKrMn1uG6cD23n0j6jPpC25Xd1EWa35KhxwEM
IMxuLaCxacHBD0/ig2FPG5wanQuNgf3Tq9rO7p/n0LpEVfIGZXmcGGb0NBNfBDlD
J/zYSc8i6xwJ1AW9qtAoEJKgBFe/D2mZzs5jej+NUMOQxM+s9kvUcCZDKOJsuqQ+
XpNnPb87vrHasd9Y8Zuq4gRD17oyp7n16lcvkJOskMYcMvYJjck8/rgrbPuFpNjo
Q++HHWKQWD27U7SbDtMi1YVBPPTeRMx9o2PDE5m/V+9krK3KFkgFGxQoNaCMUUYT
bUbz3CaBWjeoLEDNII/TUSWwz/hId9hhHq7JZl0Jdb9MLiWzKOLMntxq4kys1+et
mp7UKVYH17krVD6WunOQ
=YzX8
-----END PGP SIGNATURE-----

Current thread:

DMARC Deployment Alexandre Adao (Oct 20)
- Re: DMARC Deployment Martinez, Brian (Oct 21)
- Re: DMARC Deployment Brian Epstein (Oct 21)
  - Re: DMARC Deployment Alexandre Adao (Oct 21)
    - Re: DMARC Deployment Brian Epstein (Oct 21)
  - Re: DMARC Deployment Derek Diget (Oct 21)
    - Re: DMARC Deployment Brian Epstein (Oct 21)