As a user, I'd rather my receiving email provider (eg. Gmail, iCloud, Outlook) b...

ljm · on Feb 23, 2023

Only it’s not a social network, not even close.

Web standards have advanced to a level that walled gardens are replacing email. Email itself is still stuck on IE6 level standards. And SPF, DMARC and DKIM are a confusing mess to deal with.

brnt · on Feb 23, 2023

Email is showing its age, but are SPF, DKIM, DMARC really confusing?

sgt · on Feb 23, 2023

I've had a company tell me the other day that you can't do DMARC without using their services. It's just too complex. Why is that - we don't run our own mail servers and we use Google mail for our organization. I'd think Google would do that?

ascar · on Feb 23, 2023

If a company tells you that it must be true. /s

Sounds like a salesmen who doesn't understand DMARC himself was trying to sell it by labeling it too complex.

From a purely technological point of view DMARC isn't that complicated. It just specifies how to treat DKIM and SPF results (with a bit of rather simple configuration). SPF is basically a list of ip's you own published on your domain (if the email was sent by that ip, you vouch that it was sent by you) and DKIM signs the email with a private key and you publish your public key on your domain so everyone can verify that this email was signed by the domain owner. SPF might fail if your mail gets proxied (as now its a different sender ip that you didn't vouch for) and DKIM might fail if the mail got modified including headers (because the signature can only be verified for exactly the original headers+content). So if you're sending email for someone else it gets a bit tricky, but for your own emails it's certainly not "just too complex" and boils down to a few line long configuration file, a list of ip's and a private/public key pair for signing emails.

sgt · on Feb 23, 2023

Yeah, I need to do more research on it, thanks for your advice. It seems like this must surely be possible to set up on our corporate Gmail admin account.