Insight
My cloud email provider supports DMARC. Do we still need to implement it?
UPDATED ON AUGUST 18, 2020
Many of the of the cloud email providers are or have started to provide DMARC support. However, they only provide support for DMARC on the receiving side. Meaning, that they are enabling DMARC verification for their users (G-Suite, O365, gmail, hotmail, yahoo.com, etc). DMARC Verification is used to check all incoming message for a DMARC policy. So if a message from gotdmarc.org to globalcyberalliance.org (which has DMARC verification enabled), the mail gateways at globalcyberalliance.org will check the DNS of gotdmarc.org for a DMARC policy.
Your organization will need to implement a DMARC policy. It’s the DMARC policy that is protecting your domain (along with SPF and DKIM).
The reason for cloud email providers do not create DMARC policies is because:
- They do not have access to your domain’s DNS.
- They do not want to impact messages are being sent. If they set the DMARC policy to reject, there is a chance legitimate messages will be blocked due to incorrect configurations. Additionally, the cloud service providers are not aware of what other services you may be using to send messages.
- They do not know where to send the reports to.
Guides and Resources
If your organization is using Google’s mail servers, then use the follow guides:
- Configure SPF records to work with Google Apps – https://support.google.com/a/answer/178723?hl=en
- Google – About DKIM – https://support.google.com/a/answer/174124?hl=en
- Google – About DMARC – https://support.google.com/a/answer/2466580?hl=en
If your organization is using Office 365, then use the follow guides:
- Setup SPF in Office 365 – https://technet.microsoft.com/en-us/library/dn789058(v=exchg.150).aspx
- DKIM – https://technet.microsoft.com/en-us/library/mt695945(v=exchg.150).aspx
- Microsoft and DMARC – https://technet.microsoft.com/en-us/library/mt734386(v=exchg.150).aspx
- Setup SPF/DKIM/DMARC video: https://youtu.be/WRe1eizjYaA
If your organization is using Protonmail, then use the follow guides:
- SPF and DKIM – https://protonmail.com/support/knowledge-base/anti-spoofing/
For other systems, please use this resource guide: https://dmarc.globalcyberalliance.org/resource/tips-for-dmarc-implementation/