Using DMARC to reduce incoming email spam.

[GQsm]

I've searched the forum and internet at large in regards Cpanel using DMARC to reduce incoming spoofed email but everything I found seems to be about adding DMARC records on my cpanel server for domains I host, i.e. helping external recipients determine if an email supposedly coming from me is genuine or not to reduce the spam they receive.

I haven't found anything about my cpanel server utilising DMARC to check incoming email from others to reduce the spam (and especially spear phishing attempts) my own domains receive. Am I missing something?

Thanks.

 

[cPanelLauren]

If you go to cPanel>>Domains>>Zone Editor You should see the ability to create a dmarc record for your domains, if you do not your provider may need to add this feature to your hosting plan

 

[keat63]

I'm of the understanding that Dmarc verifies to other email servers that your sending domain is legitimate.

"A DMARC policy allows a sender to indicate that their messages are protected by SPF and/or DKIM, and tells a receiver what to do if neither of those authentication methods passes – such as junk or reject the message. DMARC removes guess work from the receiver’s handling of these failed messages, limiting or eliminating the user’s exposure to potentially fraudulent & harmful messages. DMARC also provides a way for the email receiver to report back to the sender about messages that pass and/or fail DMARC evaluation. "

In other words, if someone is pretending to be you and spamming from a different server, then dmarc will help to reduce spam, however, it won't reduce spam hitting your server.

I've no idea from your profile what level of operator you are.
If you are a root admin, consider utilising custom RBL's in exim config.

There are a number of options, but I don't think DMARC is one of them.
But don't quote me on this

 

[motific]

The OP is asking - How do I tell my MTA to respect DMARC records for other domains when receiving mail.

 

[cPanelLauren]

The OP is asking - How do I tell my MTA to respect DMARC records for other domains when receiving mail.

If that's the case then I believe some understanding of how this works with exim is necessary:

By default, the DMARC processing will run for any remote, non-authenticated user. It makes sense to only verify DMARC status of messages coming from remote, untrusted sources. You can use standard conditions such as hosts, senders, etc, to decide that DMARC verification should *not* be performed for them and disable DMARC with an ACL control modifier:

  control = dmarc_disable_verify

This is the default config nothing should need to be done.

 

[thowden]

Hi cPanelLauren

This is the default config nothing should need to be done.

Can you please clarify this statement.

It is my understanding that DMARC must be compiled into Exim first and it is apparently not included in a default cPanel / WHM / CentOS / CloudLinux build according to this test:

#exim -bV

<snip>
Support for: crypteq iconv() IPv6 PAM Perl OpenSSL Content_Scanning DANE DKIM DNSSEC Event I18N OCSP PIPE_CONNECT PRDR SPF Experimental_SRS
</snip>

Notably missing from that list of acronyms is DMARC.

A related Feature Request is here: Enable DMARC support on exim

Are you suggesting that the Feature Request is not required as the feature already exists ?

 

[cPRex]

I spoke with the email development team and confirmed the feature request is still valid, but not something that is currently on the radar due to the work with Mail Node and Ubuntu support.

 

[pintudason]

DMARC is designed to reduce spam and phishing attacks, but only from the viewpoint of an email sender. Senders of email can protect their domains from being used as phishing targets.

 

[thowden]

Hi pintudason

I am not clear on the purpose of your post, but I think the point of the thread has been missed.

DMARC is designed to reduce spam and phishing attacks, but only from the viewpoint of an email sender.

Designed to help reduce bad email is accurate, but I would disagree on the viewpoint.

DMARC is a policy deployment and management tool. It is controlled by a domain owner. It is to provide the domain owner with the opportunity to advise email receivers of the appropriate tests and actions a receiving server should take when receiving an email purporting to be from the owners domain.

DMARC is very much about both sending and receiving email.

Senders of email can protect their domains from being used as phishing targets.

CPanel servers are configured to tell remote servers all about DMARC via the DNS server for the domains hosted on that server. That is a DNS configuration not Email.

However, Exim Mail Server on CPanel is NOT configured to inspect DMARC settings when receiving email for any domains, remote or local.

Exim on CPanel will NOT prevent spoofed email being received and accepted regardless of the DMARC settings of the spoofed domain.

Clearly, if a domain owner hosts email on a CPanel Server, then "Senders of email CANNOT protect their domains from being used as phishing targets."

Disappointingly, CPanel servers / Exim mail are not checking any DMARC settings when receiving email and do not have the tools available to do so.

For anyone reading this thread, please upvote the Feature Request here: Enable DMARC support on exim or we are just wasting our time with attempting email security.