11-18-2019 06:05 PM
Hi,
Is it good and secure to tune our DKIM email security policy in notifying the sender when they're failing to DKIM verification instead of dropping the message? So the sender can fix also their DKIM set up on their end.
What's the best practice for this?
Thank you in advance.
-Daniel Plazo
Solved! Go to Solution.
11-19-2019 07:51 AM
The key problem with notifying sender is that they very often have no clue what DKIM is or means. Also a lot external applications sending in behalf of a domain fall into this category.
A while back we had asked for a feature request to be bale to inform the postmaster of the sending domain instead but this has not yet been implemented.
base don experiences we track DKIm failures by copying the email into a DKIM quarantine so we can analyse further but notifiying is/was not a good idea.
I hope that helps.
-Marc
11-19-2019 05:28 AM
11-19-2019 04:34 PM
Hello Roquiya,
Even Ironport has a multiple layers of defense? Is this enough to consider the email notification?
Thank You.
-Daniel
11-19-2019 04:41 PM
The problem with DMARC is that unless the sender is setup to leverage DMARC result data they will never find out that there is an issue with either SPF or DKIM.
While the deployment rate is increasing most companies use DMARC to reject untrusted sending IP's automatically. There are only very few companies which leverage DMARC or even ARC result codes for data mining.
I hope those 2 cents add to Cisco's anwer.
-Marc
11-19-2019 07:51 AM
The key problem with notifying sender is that they very often have no clue what DKIM is or means. Also a lot external applications sending in behalf of a domain fall into this category.
A while back we had asked for a feature request to be bale to inform the postmaster of the sending domain instead but this has not yet been implemented.
base don experiences we track DKIm failures by copying the email into a DKIM quarantine so we can analyse further but notifiying is/was not a good idea.
I hope that helps.
-Marc
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide