logoalt Hacker News

brightballyesterday at 10:20 PM2 repliesview on HN

DMARC isn't for sending email successfully, it's for preventing other people from impersonating your domain. Without it, there's nothing stopping anybody from sending an email saying it is from [email protected]. SPF tried. DKIM tried. Both of them had gaps.

When you use them together and have a DMARC policy that requires one of them or the other for successful delivery, it's the best current solution.


Replies

qurrenyesterday at 10:37 PM

Except I think I've had 1:1 personal e-mails from my domain go into a legitimate recipient's spam filter just because I didn't have DMARC set up and their mail server was flagging that "DMARC not set up == spammy domain"

show 2 replies
TZubiritoday at 1:46 AM

Right, and when you don't configure DMARC successfully and the recipient requires DMARC, then you cannot send email successfully.

show 1 reply