How to set up a DMARC for emails

I have a vendor whose emails are going into a quarantine folder in the O365 admin center.
I ran a message header analyzer and found this.

Authentication-Results: spf=pass (sender IP is 13.111.207.78) smtp.mailfrom=bounce.relay.corestream.com; mcneese.edu; dkim=none (message not signed) header.d=none;mcneese.edu; dmarc=none action=none header.from=mcneese.edu;compauth=fail reason=601

Adding a DMARC/DKIM is completely new for me and i am not sure how to do this.
I found the SPF and was wondering if I need to add the vendors IP into the spf ip:4 field?

v=spf1 ip4:192.251.101.63 ip4:192.251.101.194 ip4:192.251.101.245 ip4:192.251.101.227 ip4:192.251.101.186 ip4:192.251.103.53 ip4:192.254.117.2 ip4:192.251.101.4 ip4:167.89.118.52 ip4:167.89.123.54 ip4:206.53.232.226 ip4:206.53.232.227 ip4:206.53.232.228 ip4:206.53.231.169 ip4:216.146.32.152 ip4:216.146.32.153 ip4:216.146.32.154 include:useast.radiusbycampusmgmt.com include:radiussend.com

Any help is greatly appreciated!! Really lost here.

Regarding a DMARC, DMARC is a TXT type of DNS records.

You can add a new TXT record at DNS tab for your domain/site at Cloudflare dashboard, in case if needed, using the below tutorial.

In case you need to generate an DMAR record, kindly use online tools like:

• DMARC Record Generator | Mimecast

• https://dmarcian.com/dmarc-record-wizard/

• DMARC Record Generator - Create DMARC DNS Records - MxToolbox

Usually, we have a TXT record _dmarc.yourdomain.com and a value as an example from below:
v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1

Furthermore, DKIM is also an TXT record type as SPF too.

DKIM value is being generated at your server for your domain, later on added to DNS for your domain, while the private key is saved on the server itself.

You can use below tool to check for existing DKIM if so:

• Mimecast DKIM Check | Mimecast

To check for SPF, use:

• SPF Record Check | SPF Checker | Mimecast

Nevertheless, sharing here a list of websites/tools I usually use to check my e-mail functionallity, test or even generate something in case I forgot how does it go:

• Dig (DNS lookup)
• https://ssl-tools.net/
• https://ssl-tools.net/mailservers
• STARTTLS delivery test · SSL-Tools
• //email/testTo:
• https://www.mail-tester.com/
• About the email test
• https://intodns.com/
• https://powerdmarc.com/power-dmarc-toolbox/
• SSL Security Test | ImmuniWeb

Hope they will help you too

If I implement a DMARC do i need a DKIM? I believe our mailserver isn’t an onprem.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.