The Google for Education Community Platform

kcalderw · ‎09-19-2023

We had an issue this week where some of my staff received an email from "me" that asked them to click on a Google Doc link. They all knew it was fake but we received it several times this week. Spoke with Google support (no suspicious activity on my account) and they were spoofing. We looked over our records and made an adjustment to the dmarc TXT entry.

I'm curious what do you all have set for the p value? The options are none, quarantine, or reject.

Kim_Nilsson · ‎09-19-2023

reject

Has been set for years.

--
https://wheretofind.me/@NoSubstitute

kcalderw · ‎09-19-2023

Apparently whomever set up our domain missed that step and had it set to none...

ddelboccio · ‎09-19-2023

Quarantine, 25%.

Can't pull the reject trigger like Kim does. LOL

kcalderw · ‎09-19-2023

This is our new setting. Any idea what fo=1 is?

v=DMARC1; p=quarantine; pct=25; fo=1;

ddelboccio · ‎09-19-2023

Forensic options. Allowed values: '0' to generate reports if both DKIM and SPF fail, '1' to generate reports if either DKIM or SPF fails to produce a DMARC pass result, 'd' to generate report if DKIM has failed or 's' if SPF failed.

ddelboccio · ‎09-19-2023

Check your here:

https://www.mimecast.com/products/dmarc-analyzer/dmarc-check/

Also explains all the tags.

ddelboccio · ‎09-20-2023

OK, under total respect for Kim Nilsson, I have finally set my DMARC policy to REJECT.

kcalderw · ‎09-20-2023

If things go south you can always blame Kim!

The Google for Education Community Platform

Dmarc question