Email Security/Exchange Online - Ensure That DMARC Records For All Exchange Online Domains Are Published

 









Summary

Publish Domain-Based Message Authentication, Reporting and Conformance (DMARC) records for each Exchange Online Accepted Domain.

Reason

Generally, DMARC works with Sender Policy Framework (SPF) and DomainKeys Identified Mail (DKIM) to authenticate mail senders to make sure that destination email systems trust messages sent from the system's domain.

What If?

The impact of setting up DMARC records should be none, but, a proper DMARC record setup should be done by an organization, to ensure continuous mail-flow.

How to?

To add DMARC records, use the following steps:
  1. For each Exchange Online Accepted Domain, add the following record to DNS-  

Record: _dmarc.domain1.com
Type: TXT
Value: v=DMARC1; p=none;

      2. This will create basic DMARC policy that audits compliance.

Monitor:

To verify that DMARC records are published, perform the following steps:
  1. Open a command prompt.
  2. For each Accepted Domains in Exchange Online type the following command-

nslookup -type=txt _dmarc.domainl.com

      3. Now, ensure that a policy exists that starts with v=DMARC1;. 



















































































Comments

Popular posts from this blog

Deployment (Part 3)

Deployment (Part 1)

Project Resourcing (Part 2)