DMARC Alignment and OpenAir Email

If you use DMARC for email authentication and your DMARC policy quarantines or rejects email that is not DMARC compliant, you can take the following actions to ensure that OpenAir email pass either DKIM or SPF checks. OpenAir email does not comply with DMARC alignment rules by default. If both DKIM and SPF sets of checks fail, email may be marked as junk mail or not be delivered at all.

• To pass DKIM authentication and alignment, you can contact OpenAir Customer Support to set up DKIM for OpenAir notifications. See Setting Up DKIM for OpenAir Notifications.

  Note:

  If DKIM authentication and alignment fail after DKIM is set up, contact OpenAir Customer Support for further investigation.

• To pass SPF authentication, you can add the OpenAir email relay server domain (relay.openair.com) to your SPF DNS record.

• To pass SPF alignment, you can use the Custom Email Return Path feature to set a custom return path for your account. Review the best practice guidelines before enabling this feature. See Custom Email Return Path.

What is DMARC?

DMARC is an open email authentication protocol that provides domain-level protection of the email channel. DMARC authentication detects and prevents email spoofing techniques used in phishing, business email compromise (BEC) and other email-based attacks. Building on existing standards – SPF and DKIM –, DMARC is the first and only widely deployed technology that can make the header From domain trustworthy. The domain owner can publish a DMARC record in the Domain Name System (DNS) and create a policy to tell receivers what to do with email messages that fail authentication. It is a set of rules that when validated will ensure the email message received comes from a trusted source.

To pass DMARC alignment, email must pass either SPF alignment and authentication checks or DKIM alignment and authentication checks.

• SPF Authentication checks whether the sender server is allowed to send email for this domain (domain part of the email address in the Return-Path header).

• SPF Alignment checks whether the email message originates from whom the From header says it did. It does so by checking that the email addresses in the From and Return-Path headers have matching domains.

• DKIM Authentication checks whether the email message includes a valid DKIM signature certifying that the message body, attachments and other parts of the email message have not been modified.

• DKIM Alignment checks whether the key used for signing the email message is correct for the domain of the sender. It does so by checking that the domain part of the address in the From header matches the source domain found in the DKIM signature.