Should I set up SPF, DKIM, DMARC, or forward email to Gmail account?

  • Thread starter Thread starter WWGD
  • Start date Start date
  • Tags Tags
    Email
Click For Summary
SUMMARY

The discussion centers on the effectiveness of implementing SPF, DKIM, and DMARC protocols to reduce spam in Outlook accounts. Users noted that while SPF and DKIM are essential for preventing emails from landing in spam folders, DMARC can be cumbersome due to its reporting features. An alternative approach discussed is forwarding Outlook emails to a Gmail account for enhanced filtering, leveraging Gmail's built-in spam protection. Ultimately, users concluded that for Outlook accounts, the implementation of these protocols is managed at the domain level by Microsoft, making individual user adjustments unnecessary.

PREREQUISITES
  • Understanding of SPF (Sender Policy Framework) and its role in email authentication.
  • Knowledge of DKIM (DomainKeys Identified Mail) and its function in verifying email integrity.
  • Familiarity with DMARC (Domain-based Message Authentication, Reporting & Conformance) and its reporting mechanisms.
  • Basic knowledge of email forwarding and filtering techniques, particularly in Outlook and Gmail.
NEXT STEPS
  • Research how to set up SPF and DKIM records for your domain.
  • Learn about configuring DMARC policies and their impact on email deliverability.
  • Explore advanced spam filtering techniques in Outlook, including custom rules and settings.
  • Investigate the benefits of using Gmail's spam filtering in conjunction with Outlook email forwarding.
USEFUL FOR

Email administrators, IT professionals, and users seeking to enhance email security and reduce spam in Outlook accounts will benefit from this discussion.

WWGD
Science Advisor
Homework Helper
Messages
7,777
Reaction score
13,012
TL;DR
Tired of (seemingly) excessive Spam, email spoofing scam. Should I set protocols or forward mail through filter
Ok, so now occasional spam, scam mails in my Outlook account have become almost weekly, and I want to reduce them to the degree feasible. Ive had my account spoofed too. Upon reading, seems setting up the triplet SPF, DKIM, DMARC, will lower such junk. Another option is forwarding my Outlook emails to a Gmail account. This would provide double-filtering and it's simpler to implement. The three above protocols are implemented in gmail under the hood. The latter seems preferable, less effort. Just to see what others here think. TIA.
 
Reply
  • Like
Likes   Reactions: amarsharmaastrologer
Computer science news on Phys.org
WWGD said:
Ok, so now occasional spam, scam mails in my Outlook account have become almost weekly,
"almost weekly"?!? You lucky dog! I get several a day, and occasionally I get dozens in a batch. They are usually easy to recognize from the title. It's a routine thing to delete them.
 
FactChecker said:
"almost weekly"?!? You lucky dog! I get several a day, and occasionally I get dozens in a batch. They are usually easy to recognize from the title. It's a routine thing to delete them.
Well, I agreed , until my email account started being spoofed. I don't mind making the effort to implement a few protocols or forward my messages. Do you get yours in an Outlook or a Gmail ( or other) accounts?
 
DMARC is a super pain in the rear and hardly does anything but load up my email with provider reports daily. You should however set up SPF and DKIM. Those are essential these days to not land in the spam box.
 
Reply
  • Like
Likes   Reactions: WWGD
Greg Bernhardt said:
DMARC is a super pain in the rear and hardly does anything but load up my email with provider reports daily. You should however set up SPF and DKIM. Those are essential these days to not land in the spam box.
Thank you. the reason for for the forwarding was to avoid Outlook's reputation as "Your Grandma's email program". I will combine SPF, DKIM with Tron Script and Rkill as a basic security setup; using them after starting in Safe Mode, if needed. Safe Mode, RKill, then Tron Script( Which sounds like a German pronounciation of " Transcript " in English)
 
WWGD said:
Upon reading, seems setting up the triplet SPF, DKIM, DMARC, will lower such junk.
All of these protocols are used to identify a sender. If an email server can verify the identity of the sender, it will either flag it as spam or even reject it. Hotmail and Gmail are both doing this [basic] verification on all incoming emails. They also, of course, identify themselves appropriately with all outgoing emails.

To lower junk with them, you must classify the undesired emails as spam to help the spam filters do their job.

To get full control, you should make a filter for a whitelist for your inbox, a blacklist for deleting already known undesirable emails, and send the rest to your spam folder by default for you to review carefully before answering them.
Greg Bernhardt said:
DMARC is a super pain in the rear and hardly does anything but load up my email with provider reports daily.
If the daily reports are no longer relevant, you can remove the rua and ruf tags (containing your email address) from your SPF record. Those tags are optional:

https://www.rfc-editor.org/rfc/rfc7489#section-6.3 said:
rua: Addresses to which aggregate feedback is to be sent (comma-
separated plain-text list of DMARC URIs; OPTIONAL). [...] A
Mail Receiver MUST implement support for a "mailto:" URI, i.e.,
the ability to send a DMARC report via electronic mail. If not
provided, Mail Receivers MUST NOT generate aggregate feedback
reports. URIs not supported by Mail Receivers MUST be ignored.
[...]

ruf: Addresses to which message-specific failure information is to
be reported (comma-separated plain-text list of DMARC URIs;
OPTIONAL). If present, the Domain Owner is requesting Mail
Receivers to send detailed failure reports about messages that
fail the DMARC evaluation in specific ways (see the "fo" tag
above). [...] A Mail Receiver
MUST implement support for a "mailto:" URI, i.e., the ability to
send a DMARC report via electronic mail. If not provided, Mail
Receivers MUST NOT generate failure reports. [...]
 
Reply
  • Like
Likes   Reactions: Greg Bernhardt and WWGD
Thanks all. Does anyone know how I can access my DNS records, given I have a basic old Outlook account, and not one from an "External " domain such as GoDaddy I can look it up in? I also don't have a license for Office 365 , which would allow me to access my DNS reccords through Office 365 Admin.
 
WWGD said:
Upon reading, seems setting up the triplet SPF, DKIM, DMARC, will lower such junk.

You have misread: these settings relate to mail you send, not (possibly junk) mail you receive. They are not settings related to your individual email account, they relate to all mail sent from a domain, and If you are using an outlook.com email address then these settings are implemented on Microsoft's servers and there is no purpose (other than curiosity) in looking at them.

WWGD said:
Another option is forwarding my Outlook emails to a Gmail account. This would provide double-filtering and it's simpler to implement.

If you want a different level of filtering then it would be even simpler to just change your settings for your outlook.com account: https://support.microsoft.com/en-gb...l-filter-e89c12d8-9d61-4320-8c57-d982c8d52f6b
 
Reply
  • Like
Likes   Reactions: WWGD
  • #10
pbuk said:
You have misread: these settings relate to mail you send, not (possibly junk) mail you receive. They are not settings related to your individual email account, they relate to all mail sent from a domain, and If you are using an outlook.com email address then these settings are implemented on Microsoft's servers and there is no purpose (other than curiosity) in looking at them.



If you want a different level of filtering then it would be even simpler to just change your settings for your outlook.com account: https://support.microsoft.com/en-gb...l-filter-e89c12d8-9d61-4320-8c57-d982c8d52f6b
Thanks, I did get that it was my outgoing mail that would be affected. Just wanted to do my part. But, I get it, Microsoft has implemented it domain-wide.
 
  • #11
Ok, thanks all. I realized the three protocols are implemented at the _ domain_ level and I have just an email account and not a domain. Besides, Hotmail/Outlook, does implement it at the domain level. Egg on my face, big disgrace, etc.
 

Similar threads

Using Word for Equation Editing
  • · Replies 15 ·
Replies
15
Views
2K