What's the status on DMARC?



  • DMARC records for email in 2020...
    Is it:

    1. a must have
    2. nice to have, can't hurt
    3. don't bother
    4. absolutely not!


  • @Pete-S said in What's the status on DMARC?:

    DMARC records for email in 2020...
    Is it:

    1. a must have
    2. nice to have, can't hurt
    3. don't bother
    4. absolutely not!

    Either one or two. If you can it's highly recommended.



  • It is only a nice to have.

    It can never be a must have, because it relies on the sender to do what it says, and you can never control the sender.



  • I recommend it, it doesn't hurt. But definitely not necessary.



  • I run DMARC (SPF and DKIM). I would recommend setting it up. DMARC, itself, is easy to setup. Just make sure that any services that you use to send out email are factored in when planning. For instance, some CRM SaaS products support SPF, but don't support DKIM. Obviously, DMARC allows you to handle SPF and DKIM separately, but I would recommend auditing the capabilities of all the systems/services that send email prior to deciding if/how you configure DMARC.



  • Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.



  • @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..



  • @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:
    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    That's actually not the case. We disabled it one day at a previous employer and people were calling IT like crazy saying they don't see the usual external message. It certainly helps most people



  • @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.



  • @IRJ said in What's the status on DMARC?:

    It certainly helps most people

    Helps, or confuses, because it's unclear when it's real or not.



  • @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.



  • @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.



  • @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.

    OK - I consider you the odd man out - no one around here sees that tag and thinks spam - at least no one has reported it as such.



  • @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.

    OK - I consider you the odd man out - no one around here sees that tag and thinks spam - at least no one has reported it as such.

    More that it makes it confusing and easier to get spam through. People get spam constantly and don't report it, your people call you up for every spam message?



  • @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.

    OK - I consider you the odd man out - no one around here sees that tag and thinks spam - at least no one has reported it as such.

    More that it makes it confusing and easier to get spam through. People get spam constantly and don't report it, your people call you up for every spam message?

    Every - of course not, but if there's a question, then yes in a lot of cases.

    See you see that and think it's spam - @IRJ and my users see that and are comforted that at least they were told the email came from the outside - so be on the lookout for weird shit - even more, if it claims to be from someone in the company, yet has this indication of coming from the outside - they know they can auto delete it as fake/spam/phishing....



  • @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.

    OK - I consider you the odd man out - no one around here sees that tag and thinks spam - at least no one has reported it as such.

    More that it makes it confusing and easier to get spam through. People get spam constantly and don't report it, your people call you up for every spam message?

    Every - of course not, but if there's a question, then yes in a lot of cases.

    See you see that and think it's spam - @IRJ and my users see that and are comforted that at least they were told the email came from the outside - so be on the lookout for weird shit - even more, if it claims to be from someone in the company, yet has this indication of coming from the outside - they know they can auto delete it as fake/spam/phishing....

    I wonder how hard it is to confuse the users by adding things there. Because I get them from the inside that say that they are outside all the time because it's inside people responding to an outside conversation and the email system doesn't properly manage the header.

    Because it's part of the TITLE, and not actually flagged in the email system, it's bizarre and possible to manipulate.



  • @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.

    OK - I consider you the odd man out - no one around here sees that tag and thinks spam - at least no one has reported it as such.

    More that it makes it confusing and easier to get spam through. People get spam constantly and don't report it, your people call you up for every spam message?

    Every - of course not, but if there's a question, then yes in a lot of cases.

    See you see that and think it's spam - @IRJ and my users see that and are comforted that at least they were told the email came from the outside - so be on the lookout for weird shit - even more, if it claims to be from someone in the company, yet has this indication of coming from the outside - they know they can auto delete it as fake/spam/phishing....

    I wonder how hard it is to confuse the users by adding things there. Because I get them from the inside that say that they are outside all the time because it's inside people responding to an outside conversation and the email system doesn't properly manage the header.

    Because it's part of the TITLE, and not actually flagged in the email system, it's bizarre and possible to manipulate.

    Umm no idea WTF you are talking about. This is the type of banner we are all discussing.

    E1AEE8D8-CA53-4F49-8BEB-49496A43DC62.jpeg



  • @JaredBusch said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.

    OK - I consider you the odd man out - no one around here sees that tag and thinks spam - at least no one has reported it as such.

    More that it makes it confusing and easier to get spam through. People get spam constantly and don't report it, your people call you up for every spam message?

    Every - of course not, but if there's a question, then yes in a lot of cases.

    See you see that and think it's spam - @IRJ and my users see that and are comforted that at least they were told the email came from the outside - so be on the lookout for weird shit - even more, if it claims to be from someone in the company, yet has this indication of coming from the outside - they know they can auto delete it as fake/spam/phishing....

    I wonder how hard it is to confuse the users by adding things there. Because I get them from the inside that say that they are outside all the time because it's inside people responding to an outside conversation and the email system doesn't properly manage the header.

    Because it's part of the TITLE, and not actually flagged in the email system, it's bizarre and possible to manipulate.

    Umm no idea WTF you are talking about. This is the type of banner we are all discussing.

    E1AEE8D8-CA53-4F49-8BEB-49496A43DC62.jpeg

    OH! That's nothing like what we are seeing. We see the SUBJECT of the email changed. It's becoming really common. I've ever seen that kind of banner. I'm seeing this junk that is shoved into the subject line and is really weird.



  • @scottalanmiller said in What's the status on DMARC?:

    @JaredBusch said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @Dashrender said in What's the status on DMARC?:

    @flaxking said in What's the status on DMARC?:

    Now that most email clients are pretty good at not just displaying the FROM field, it's probably not as important, but I still believe it is my duty to do everything I can to combat against the spoofing of my domain name.

    I've seen many businesses add a banner to email saying - this is from an outside domain as a way to hopefully get users to pay more attention. though the reality is that they are just likely to ignore it over time..

    I see that banner all the time, but it's random and isn't clearly associated with anything. We get it on our own messages. Seems not just useless, but wrong to me. Because it isn't clear what it refers to.

    We don’t have it, but several places we email with do use it... so we see it in replies from those places all the time.

    Yeah, we see it on all kinds of email. Just makes it all look like spam to me.

    OK - I consider you the odd man out - no one around here sees that tag and thinks spam - at least no one has reported it as such.

    More that it makes it confusing and easier to get spam through. People get spam constantly and don't report it, your people call you up for every spam message?

    Every - of course not, but if there's a question, then yes in a lot of cases.

    See you see that and think it's spam - @IRJ and my users see that and are comforted that at least they were told the email came from the outside - so be on the lookout for weird shit - even more, if it claims to be from someone in the company, yet has this indication of coming from the outside - they know they can auto delete it as fake/spam/phishing....

    I wonder how hard it is to confuse the users by adding things there. Because I get them from the inside that say that they are outside all the time because it's inside people responding to an outside conversation and the email system doesn't properly manage the header.

    Because it's part of the TITLE, and not actually flagged in the email system, it's bizarre and possible to manipulate.

    Umm no idea WTF you are talking about. This is the type of banner we are all discussing.

    E1AEE8D8-CA53-4F49-8BEB-49496A43DC62.jpeg

    OH! That's nothing like what we are seeing. We see the SUBJECT of the email changed. It's becoming really common. I've ever seen that kind of banner. I'm seeing this junk that is shoved into the subject line and is really weird.

    That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?



  • @JaredBusch said in What's the status on DMARC?:

    That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?

    Very few customers using O365 and none using that feature, I'd imagine. How does it display to people not on O365?

    We see something else from all kinds of users all different systems all over.



  • @scottalanmiller said in What's the status on DMARC?:

    @JaredBusch said in What's the status on DMARC?:

    That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?

    Very few customers using O365 and none using that feature, I'd imagine. How does it display to people not on O365?

    We see something else from all kinds of users all different systems all over.

    I'm not sure the option specifically is available to non O365/Exchange users - though I'm sure some email providers likely have some type of solution.

    I'm attaching what it looks like when they reply to a message you sent them, and how it still shows the banner that JB posted.
    https://i.imgur.com/YwUjasr.png



  • As for the screwing with the subject line - yeah I've seen that crap too, and I agree with you @scottalanmiller that stuff does appear a bit more spammy in that case.



  • @Dashrender said in What's the status on DMARC?:

    @scottalanmiller said in What's the status on DMARC?:

    @JaredBusch said in What's the status on DMARC?:

    That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?

    Very few customers using O365 and none using that feature, I'd imagine. How does it display to people not on O365?

    We see something else from all kinds of users all different systems all over.

    I'm not sure the option specifically is available to non O365/Exchange users - though I'm sure some email providers likely have some type of solution.

    I'm attaching what it looks like when they reply to a message you sent them, and how it still shows the banner that JB posted.
    https://i.imgur.com/YwUjasr.png

    Yep, I've set this up for a number of places.



  • @scottalanmiller said in What's the status on DMARC?:

    @JaredBusch said in What's the status on DMARC?:

    That image is a stander O365 box that only takes a few clicks to setup. How have you not seen that?

    Very few customers using O365 and none using that feature, I'd imagine. How does it display to people not on O365?

    We see something else from all kinds of users all different systems all over.

    A lot of SPam Filtering systems do have that option as well. A lot of medical and financial businesses enable this.