DMARC Policy Enforcement defined

Description

This article describes the settings found in the DMARC Policy Enforcement section of the Filtering tab within the Mailprotector console. For additional information please see: Default settings for DMARC policy enforcement.

 

Bounce messages that fail DMARC with a reject action

Messages that were rejected due to the recipient’s DMARC policy.  

Messages that fail DMARC with a policy set to reject should honor the policy and be bounced. However, adjusting this behavior could be beneficial in certain circumstances. In the Filtering settings, you can choose to bounce an email that fails DMARC with a reject policy, or you can assign it a score (see DMARC failure with reject action below). The DMARC reject toggle is enabled by default.

 

DMARC failure with reject action

Messages where DMARC authentication failed and reject was the action suggested by the DMARC policy.

This is a significant authentication failure that indicates the message is not originating from an authorized source (SPF) and/or is not digitally signed (DKIM) as defined by the sender domain owner. CloudFilter enforces the policy set by the sender domain owner.

This score setting is only used if the above DMARC reject toggle is disabled. The message will not be bounced; rather, it will have the score of this setting added to it. The DMARC reject score is 400 by default.

 

DMARC failure with quarantine action 

Messages where DMARC authentication failed and quarantine was the action suggested by the DMARC policy.

This is a significant authentication failure that indicates the message is not originating from an authorized source (SPF) and/or is not digitally signed (DKIM) as defined by the sender domain owner. By default, this result adds 200 to the message, triggering a quarantine decision. You can increase or decrease the scoring sensitivity of this result.

 

DMARC failure with no action

Messages where DMARC authentication failed and no specific action was suggested by the DMARC policy.  

This is a significant authentication failure and indicates this message the message is not originating from an authorized source (SPF) and/or not digitially signed (DKIM) as defined by the sender domain owner. By default, this result adds 100 to the message, which will not on its own trigger a quarantine decision but may contribute to the score enough to quarantine. You can increase or decrease the scoring sensitivity of this result.

 

DMARC authenticated

Messages that were successfully authenticated and allowed by DMARC policy.  

This result means the message followed the DMARC policy originating from an authorized source (SPF) and/or contained a valid signature (DKIM). By default, this result adds 0, so it won’t affect decisions either way. You can customize this result and assign a negative (good) score from 0 to -200. This allows you to trust messages that pass DMARC authentication that may otherwise get filtered for other attributes. 

 

DMARC policy not available 

Messages where the domain in the From header has no DMARC policy or the From header is missing. 
This result doesn’t directly indicate a security risk. By default, this result adds 0 to the message, so it won’t affect decisions either way. You can increase the scoring sensitivity of this result.

 

Bad DMARC Policy 

Messages where the DMARC policy was invalid or multiple policies were found in DNS.

This result doesn’t directly indicate a security risk, but it indicates a misconfiguration. By default, this result adds 0 so it won’t affect decisions either way. You can increase the scoring sensitivity of this result.  

 

Still need more help? Please contact the Partner Success team.

 

 

Have more questions? Submit a request

Comments