Hey everyone! I just set up DKIM and DMARC for our domain, and while it's working well, I decided to quarantine any incoming emails that fail DKIM checks. As a small company, we get a few aggregate reports daily to help distinguish between real issues and false positives, especially since we often work with smaller contractors whose IT practices can be a bit haphazard. I check these emails to ensure they're safe before releasing them to the intended recipients.
My question is, what do other admins do in similar situations? Do you reach out to senders to inform them about DKIM misconfigurations, or do you just let the emails filter through to users after reviewing them a couple of times a day? Or do larger organizations simply ignore the issue unless someone complains about not receiving emails? I'm kinda starting to find this process tedious, but some emails are important, so I hesitate to let potentially fake ones through without a second thought. Thanks for any insights!
3 Answers
I assume you meant to talk about DMARC instead of just DKIM? Make sure to check your DMARC record; if it's set to quarantine or reject, you can't blame mail servers for filtering your emails if there's a misconfiguration. If you're using M365, you can send quarantine reports to users or allow them to self-service.
Generally, you should follow the DMARC policy set by the sender. If they don't have one, those emails might just go to the spam folder, because you don’t want to block or quarantine based solely on DKIM or SPF failures since they can vary independently.
I wouldn't block emails solely based on failed DKIM checks, especially since many of the small companies we deal with might not have DKIM set up at all. Though I do quarantine based on failed SPF checks and then manually review those before adding them to an allow list.