Microsoft 365 - Steps to make list server email DMARC compliant
The purpose of this document is to recommend ways to make list server email messages DMARC compliant and to explain how and why messages are rewritten for DMARC compliance
- UW-Madison Google Groups supports DMARC for the @g-groups.wisc.edu domain.
- Instructions for administrators of other lists (e.g., mailman)
UW-Madison Google Groups supports DMARC for the @g-groups.wisc.edu domain
Google Groups will automatically rewrite the From header to the following format if the sender’s domain publishes a DMARC record with a quarantine or reject policy:
"’Bucky Badger’ via listname" <listname@g-groups.wisc.edu> </listname@g-groups.wisc.edu>
Messages sent via UW-Madison Google Groups will pass SPF for @g-groups.wisc.edu, and the messages will be signed with a DKIM selector in the g-groups.wisc.edu domain. DMARC will pass as a result.
Instructions for administrators of other lists (e.g., mailman)
- Configure the list to rewrite the From header to use the list server’s domain " ’Bucky Badger’ via listname" < listname@listdomain > .
- Use DKIM to sign mail using a selector within the list server’s domain.
- Ensure the list server’s domain is used in the envelope-from address of the SMTP transaction and that the list server IP addresses are included in the SPF record of the domain.
Internal Notes
For the DoIT Help Desk
If a customer calls in requesting a change to their SPF record, DKIM record, or DMARC record, please gather all of the following information and add it to the WiscIT case notes before escalating the case in WiscIT to the Office 365 Technical/Functional queue:
- Email domain for which the customer would like their SPF, DKIM, or DMARC record updated:
- Changes the customer has stated they would like made to their SPF, DKIM, or DMARC record:
- Date by which the customer needs the SPF, DKIM, or DMARC record changes to be made: