Re: DMARC Deployment

[Brian Epstein <bepstein () IAS EDU>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hi Alex,

No problem.

In regard to Google, I believe that the support page you are looking
at is either outdated or wrong.  :)

I am getting domain reports from Google on the 5 I have set up.  3 of
them are Google Apps accounts and they are receiving domain reports
from Google and outside domains.  So it seems like Google is
supporting ruf, although I may be misunderstanding something.

Thanks,
ep

On 10/21/2015 01:37 PM, Alexandre Adao wrote:
> Hello Brain,
>
> Thanks for the feedback. I have just started today and I will be 
> monitoring the email traffic very closely. Unfortunately, it seems
> that Google does not support " ruf "  tag ( 
> https://support.google.com/a/answer/2466563?hl=en ). My only
> concerns are the mailing list and email forwarding that I may have
> some issues.
>
> Thanks, --Alex Adao
>
>
> On Wed, Oct 21, 2015 at 10:30 AM, Brian Epstein <bepstein () ias edu 
> <mailto:bepstein () ias edu>> wrote:
>
> Hi Alex,
>
> I haven't deployed DMARC, yet, for the IAS, however, I have
> deployed it for 5 other organizations that I am a part of.  In its
> first phase, I have made all the DMARC and SPF settings pretty
> forgiving and am collecting reports from domains to see how my
> users are doing.
>
> Once I gather a few months of details, I'll be in a better position
> to write better SPF records.  I'm always amazed at the number of 
> legitimate third party places that need to send emails as my
> domain.
>
> After identifying those places, I'll probably start locking it
> down and asking mail servers to start denying email from places not
> in my SPF records.
>
> So, I definitely suggest adding the ruf= stanza to the DMARC
> record for the trial period at least.
>
> Once I'm more comfortable with these other organizations, I'll
> start the same process for ias.edu <http://ias.edu>.
>
> Thanks, ep
>
> On 10/20/2015 05:07 PM, Alexandre Adao wrote:
> > Hello,
>
> > Has anyone deployed  DMARC (Domain-based Message Authentication, 
> > Reporting & Conformance)  in your email domain? ​Thanks,
>
> > --Alex Adao​ ​ ========================================
> > Alexandre Magno Adão Morgan State University - CGW 300k Network
> > Services Manager/Interim CISO Planning & Information Technology 
> > 443-443-885-4415 Office 443-803-3154 <tel:443-803-3154> Cell
> <http://www.morgan.edu>
>
>
>
>
>
>
>
> -- ======================================== Alexandre Magno Adão 
> Morgan State University - CGW 300k Network Services Manager/Interim
> CISO Planning & Information Technology 443-443-885-4415 Office 
> 443-803-3154 Cell <http://www.morgan.edu>

- -- 
Brian Epstein <bepstein () ias edu>                     +1 609-734-8179
Manager, Network and Security           Institute for Advanced Study
Key fingerprint = A6F3 9F5A 26C5 5847 79ED  C34C C0E5 244A 55CA 2B78
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJWJ9kCAAoJEMDlJEpVyit4+AMP/Alr5wGaFHLnENQdE92yClXl
lvfmZt93jPNXHujxNvvdVInhU66LzxLKdN2A4p1hFHVgMk8W4rXhRF++DBoG4CQ2
WTLvcY+4HqDHB+2tWszxEOnMjDP/kKp6Pay3vjtQ6+xtrdqr4QASTN6JzVwa3YFY
353hF2b9yTWxKv4wuM578RvTXon0Kz+oTuSeyRNt3IG+UJHg+h6mQjisnzUmV8B/
0hl++58llcha6ow4y3IkLq6qGcRcoOg7vYHqnJ004QXGAqcHeZIJaaKS6K6gi9c8
tnnBcLiFmydgb1Sah7ui/zYGo99Tt+4scjB2Sm/qAniC5nNfpNQlaC4UC3yRwiQ2
S2SHbtpmyCOJFd5BnxonD+CFluo/GenjoF11rNcDAomt3UI9g/9XcbOoopR0PfbM
7mWvHJvNAz9JWNepfsqSHPk4g77SnnXcEoo6zHzDrZ2wMbJQ7IMq3JAqz9WT6t+i
d9FaOKwDOoJ4nGFcUVL1j4OqKVPsxkdlCWNMBSwG47x2mJJUycCeBbb5IgIEHP1U
iKF83tPGkRmZZjZ2Jpcncj7qmcKusu+J7ljfTC5cw+mq/LKqljwhAUO8JMCV3DEg
B6jBKbnFqbbdb8qFWMNbpnH/VOvOrQjW5zQKQLsqck9XJNlwKkWASmud/LkvW2Au
d7QvN9RMMp+N7SQwKmRT
=shFD
-----END PGP SIGNATURE-----