Office 365 - Steps to make UW-Madison email DMARC compliant

The purpose of this document is to recommend ways to make email messages DMARC compliant and to explain how and why messages are rewritten for DMARC compliance

How to configure a WiscList list to support DMARC for the @lists.wisc.edu domain

Note: The WiscList team plans to modify all lists to support DMARC.

Your list needs to rewrite the From header of messages so that they use the same domain as the list server (@lists.wisc.edu). If you do not do this, receiving systems will quarantine or reject messages sent through the list for any senders who have DMARC-protected domains.

In the WiscList admin site, go to Utilities → List Settings → Email Submitted Content → Header Rewrites

Use the following settings to ensure the From header uses the following format: "’Bucky Badger’ via listname"

  • Paste the following exact text in From:

    "'%%merge inmail_.hdrfrom_%%' via %%list.name%%" <%%email.list%%>

    -or-

    "’%%author.nameemail%%’ via %%list.name%%" <%%email.list%%>

Change the Reply-to option to “author” so that Reply-all can be used by recipients to reply back to the list as well as the original message’s author.

  • Paste the following in Reply-to:

    author

Messages sent via WiscList will pass SPF for @lists.wisc.edu. DMARC will pass as a result. Ensure that the From header of messages sent via your list use the @lists.wisc.edu domain so that DMARC alignment occurs.

Once WiscList starts DKIM signing messages it means that messages sent via WiscList, with the From header domain matching @lists.wisc.edu, will help ensure DMARC passes in the event that SPF fails (typically this occurs when messages are forwarded).

UW-Madison Google Groups supports DMARC for the @g-groups.wisc.edu domain

Google Groups will automatically rewrite the From header to the following format if the sender’s domain publishes a DMARC record with a quarantine or reject policy:

"’Bucky Badger’ via listname"

Messages sent via UW-Madison Google Groups will pass SPF for @g-groups.wisc.edu, and the messages will be signed with a DKIM selector in the g-groups.wisc.edu domain. DMARC will pass as a result.

Instructions for administrators of other lists (e.g., mailman)

  1. Configure the list to rewrite the From header to use the list server’s domain " ’Bucky Badger’ via listname" < listname@listdomain > .
  2. Use DKIM to sign mail using a selector within the list server’s domain.
  3. Ensure the list server’s domain is used in the envelope-from address of the SMTP transaction and that the list server IP addresses are included in the SPF record of the domain.




Keywords:office 365 uw madison wisclist dmarc list server domain email header quarantine reject reply-to dkim spf google groups administrators smtp IP address caution external "[CAUTION: External]" tagging subject   Doc ID:81107
Owner:Christina G.Group:Office 365
Created:2018-03-22 15:26 CSTUpdated:2018-11-05 12:23 CST
Sites:DoIT Help Desk, DoIT Tech Store, Office 365
Feedback:  2   0