Hi pintudason
I am not clear on the purpose of your post, but I think the point of the thread has been missed.
DMARC is designed to reduce spam and phishing attacks, but only from the viewpoint of an email sender.
Designed to help reduce bad email is accurate, but I would disagree on the viewpoint.
DMARC is a policy deployment and management tool. It is controlled by a domain owner. It is to provide the domain owner with the opportunity to advise email receivers of the appropriate tests and actions a receiving server should take when receiving an email purporting to be from the owners domain.
DMARC is very much about both sending and receiving email.
Senders of email can protect their domains from being used as phishing targets.
CPanel servers are configured to tell remote servers all about DMARC via the DNS server for the domains hosted on that server. That is a DNS configuration not Email.
However, Exim Mail Server on CPanel is NOT configured to inspect DMARC settings when receiving email for any domains, remote or local.
Exim on CPanel will NOT prevent spoofed email being received and accepted regardless of the DMARC settings of the spoofed domain.
Clearly, if a domain owner hosts email on a CPanel Server, then "Senders of email CANNOT protect their domains from being used as phishing targets."
Disappointingly, CPanel servers / Exim mail are not checking any DMARC settings when receiving email and do not have the tools available to do so.
For anyone reading this thread, please upvote the Feature Request here:
Enable DMARC support on exim or we are just wasting our time with attempting email security.