Seconding ThomasStensitzki-MVP's question about hybrid scenarios with centralized mail flow.
Technically, the last hop, Exchange on-prem, might not be represented in the SPF record, and it's also not signing mails via DKIM. There is also no reason to put it in the SPF record or have it sign at this point, because that's not the internet-facing part, with the exception of Exchange Online.
I see the following Authentication-Results for mails sent by systems using our on-prem Exchange server. To my understanding, those mails would be quarantined by default.
How can we fix this, without weakening security?
spf=fail (sender IP is 1.2.3.4) smtp.mailfrom=domain.tld; dkim=none (message not signed) header.d=none;dmarc=fail action=oreject header.from=domain.tld;
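An added example, not code from the poster or from Microsoft: the Authentication-Results value quoted in the post fails DMARC because neither authenticated identifier is aligned with the header.from domain (SPF fails and there is no DKIM signature at all). The script below parses such a value, re-derives the DMARC verdict from the SPF and DKIM clauses under RFC 7489 alignment rules, and then runs the same check over constructed variants of the posted line to show which changes turn it into a pass: an aligned DKIM signature (also from a subdomain under relaxed alignment), or an SPF pass for the sending IP. A DKIM pass from a third-party signing domain is included to show that it does not help. The organizational-domain function is an assumption of the example (last two labels instead of the Public Suffix List), and the variants are constructed inputs, not headers seen by the poster.

```python
import re

# Constructed sample input: the Authentication-Results value quoted in the post above.
POSTED_HEADER = (
    "spf=fail (sender IP is 1.2.3.4) smtp.mailfrom=domain.tld; "
    "dkim=none (message not signed) header.d=none;"
    "dmarc=fail action=oreject header.from=domain.tld;"
)

# Constructed variants of the posted line (not real headers). The reported
# dmarc=fail clause is left in place on purpose: evaluate_dmarc() ignores it
# and re-derives the verdict from the spf and dkim clauses.
_UNSIGNED = "dkim=none (message not signed) header.d=none"
SIGNED_ALIGNED = POSTED_HEADER.replace(_UNSIGNED, "dkim=pass header.d=domain.tld")
SIGNED_SUBDOMAIN = POSTED_HEADER.replace(_UNSIGNED, "dkim=pass header.d=relay.domain.tld")
SIGNED_THIRD_PARTY = POSTED_HEADER.replace(_UNSIGNED, "dkim=pass header.d=vendor.example")
SPF_PASS = POSTED_HEADER.replace("spf=fail", "spf=pass")


def parse_auth_results(value: str) -> dict:
    """Split an Authentication-Results value into {method: {"result": ..., prop: value}}.

    Parenthesised comments such as "(sender IP is 1.2.3.4)" are discarded;
    only method=result and the following property=value pairs are kept.
    """
    parsed = {}
    value = re.sub(r"^\s*Authentication-Results:\s*", "", value, flags=re.I)
    for clause in value.split(";"):
        clause = re.sub(r"\([^)]*\)", " ", clause).strip()
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue  # empty trailing clause or an authserv-id token
        method, result = tokens[0].split("=", 1)
        props = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
        parsed[method.lower()] = {"result": result.lower(), **props}
    return parsed


def org_domain(domain: str) -> str:
    """Organizational domain, approximated as the last two labels.

    Assumption of this example: real DMARC evaluators consult the Public
    Suffix List, so this is wrong for multi-label suffixes such as co.uk.
    """
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier: str, header_from: str, mode: str = "r") -> bool:
    """RFC 7489 identifier alignment: "s" = exact match, "r" = same organizational domain."""
    if not identifier or not header_from:
        return False
    if mode == "s":
        return identifier.lower() == header_from.lower()
    return org_domain(identifier) == org_domain(header_from)


def evaluate_dmarc(value: str, adkim: str = "r", aspf: str = "r") -> dict:
    """Re-derive the DMARC verdict from the SPF and DKIM clauses.

    DMARC passes when at least one identifier is both authenticated and aligned
    with the RFC5322.From domain: SPF pass on an aligned MAIL FROM domain, or
    DKIM pass with an aligned d= domain. The policy action (p=, or Exchange
    Online's action=oreject) only decides what happens to a failing message.
    """
    ar = parse_auth_results(value)
    header_from = ar.get("dmarc", {}).get("header.from", "")
    spf, dkim = ar.get("spf", {}), ar.get("dkim", {})
    spf_ok = spf.get("result") == "pass" and aligned(spf.get("smtp.mailfrom", ""), header_from, aspf)
    dkim_ok = dkim.get("result") == "pass" and aligned(dkim.get("header.d", ""), header_from, adkim)
    return {
        "header_from": header_from,
        "spf_aligned_pass": spf_ok,
        "dkim_aligned_pass": dkim_ok,
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
    }


if __name__ == "__main__":
    cases = {
        "as posted": POSTED_HEADER,
        "aligned DKIM signature": SIGNED_ALIGNED,
        "DKIM from subdomain (relaxed)": SIGNED_SUBDOMAIN,
        "DKIM from third-party domain": SIGNED_THIRD_PARTY,
        "sending IP passes SPF": SPF_PASS,
    }
    for name, hdr in cases.items():
        print(f"{name:32} -> {evaluate_dmarc(hdr)['dmarc']}")
    print(f"{'DKIM from subdomain (strict)':32} -> {evaluate_dmarc(SIGNED_SUBDOMAIN, adkim='s')['dmarc']}")
```

The verdict for the posted line is "fail" regardless of alignment mode, because there is nothing authenticated to align. The variants show that the fix is an aligned authenticated identifier for the actual sending path (an SPF-listed IP or an aligned DKIM signature), not a relaxation of the policy; a signature from an unrelated d= domain leaves the verdict unchanged.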