DMARC compliance for an entire data center full of servers

Time:04-07

We're in the midst of a project to make all of our mail sources, including third parties that send on our behalf, DMARC compliant. We've run into a snag, namely an entire data center full of servers that send mail (usually just status updates or errors). If the mail's from address is <[email protected]> and we have many of them, and there are new ones added almost weekly, then how do we get these compliant?

My understanding of DKIM and SPF is that we'd need a DNS entry per host, because the receiving mail server checks on those records based on the FQDN of the from address.

Is there a reasonable way to keep using <[email protected]> as the from addresses and still make these 200 (and changing) servers DMARC compliant?

CodePudding user response:

Yes, this is what DMARC's "relaxed" mode is for. You can set that for both SPF and DKIM matching by adding these elements to your DMARC record:

aspf=r; adkim=r

However, this is the default behaviour, so you don't actually need to add them at all!

In this mode, a message from [email protected] would be a relaxed match for domain.tld.
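
The relaxed and strict alignment checks the answer describes, as an added Python example that is not part of the original post. The host name `host17.dc.domain.tld` and the three-entry suffix set are constructed for illustration; a real evaluator uses the full Public Suffix List. Alignment alone does not pass DMARC: SPF or DKIM must also pass for the aligned domain.

```python
# Added example: DMARC identifier alignment (RFC 7489, section 3.1).
# PUBLIC_SUFFIXES is a tiny constructed stand-in for the Public Suffix List.
PUBLIC_SUFFIXES = {"tld", "com", "co.uk"}

def org_domain(domain):
    """Organizational domain = longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):          # i = 0 tries the longest suffix first
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    # No known suffix: treat the last label as the suffix (PSL default rule).
    return ".".join(labels[-2:]) if len(labels) >= 2 else None

def aligned(from_domain, auth_domain, mode="r"):
    """'s' requires an exact match; 'r' (default) compares organizational domains."""
    a, b = from_domain.lower().rstrip("."), auth_domain.lower().rstrip(".")
    if mode == "s":
        return a == b
    oa, ob = org_domain(a), org_domain(b)
    return oa is not None and oa == ob

def parse_tags(record):
    """Split 'v=DMARC1; p=reject; ...' into a tag dictionary."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def dmarc_pass(record, from_domain, spf_domain, spf_pass, dkim_domain, dkim_pass):
    """Pass if SPF or DKIM both passed and aligns with the From domain."""
    tags = parse_tags(record)
    spf_ok = spf_pass and aligned(from_domain, spf_domain, tags.get("aspf", "r"))
    dkim_ok = dkim_pass and aligned(from_domain, dkim_domain, tags.get("adkim", "r"))
    return spf_ok or dkim_ok

if __name__ == "__main__":
    host = "host17.dc.domain.tld"  # constructed per-server From domain
    # Central relay signs with d=domain.tld; SPF did not pass for this message.
    for rec in ("v=DMARC1; p=reject", "v=DMARC1; p=reject; aspf=s; adkim=s"):
        print(rec, "->", dmarc_pass(rec, host, "domain.tld", False, "domain.tld", True))
    # A lookalike that merely contains the name does not align.
    print(aligned(host, "domain.tld.example.com"))
```

With relaxed alignment a single DKIM key or SPF record published at `domain.tld` covers every host beneath it, so no per-host DNS entries are needed for alignment.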
