The DMARC Settings page contains various options for including certain info in DMARC reports, logging DMARC DNS records, and updating the Public Suffix file used by SecurityGateway for DMARC.
DMARC Settings
DKIM canonicalized headers are included in DMARC failure reports
Enable this option if you wish to include DKIM canonicalized headers in DMARC failure reports. This is disabled by default.
DKIM canonicalized body is included in DMARC failure reports
Enable this option if you wish to include the DKIM canonicalized body in DMARC failure reports. This is disabled by default.
The previous two options are useful for debugging problems but do reveal email content in the process. |
Replace Reserved IPs in DMARC reports with "X.X.X.X"
By default SecurityGateway replaces your reserved IP addresses in DMARC reports with "X.X.X.X". Disable this option if you wish to make your reserved IPs visible in DMARC reports. This option does not apply to DKIM canonicalized data.
Refuse to accept messages if 'From' is incompatible with DMARC
Enable this option if you wish to refuse messages that are incompatible with DMARC requirements regarding 'From' header construction. These are messages with multiple 'From' headers or multiple email addresses in a single 'From' header. Such messages are currently exempt from DMARC processing. This setting is disabled by default because having multiple addresses in a single 'From' header is not technically a protocol violation, but enabling the setting would help maximize DMARC protection. This setting is only applied when DMARC verification is enabled.
Insert "Precedence: bulk" header into DMARC report emails
By default SecurityGateway will insert a bulk mail header into DMARC report emails. Clear this checkbox if you do not wish to insert this header.
Include full DMARC records in log file
By default SecurityGateway logs the full DMARC DNS record it obtains during DMARC DNS queries. Disable this option if you do not with to include the full DMARC record in the log file.
Auto-update public suffix file if older than this many days
DMARC requires a public suffix file to reliably determine the proper domains to query for DMARC DNS records. By default SecurityGateway will automatically update its stored public suffix file whenever it exceeds 15 days old. Change the value of this option if you wish to update the public suffix file more or less often. Disable the option if you do not wish to update it automatically.
Public suffix file URL
This is the URL of the public suffix file that SecurityGateway will download to use for DMARC. By default SecurityGateway uses the file located at: http://publicsuffix.org/list/effective_tld_names.dat.
Update public suffix file now
Click this button to manually update the public suffix file, from the Publix suffix file URL specified above.