Summary
The evidence suggests that BT's (btinternet.com) DMARC policy enforcement is not entirely consistent. While BT's documentation implies engagement with DMARC and prioritizes sender authentication and reputation, tests show mixed results: bt.com accepted DMARC failing mail, whereas btinternet.com blocked mail due to SPF/DKIM failures, not necessarily DMARC. Various factors contribute to this inconsistency, including variations in how ISPs interpret DMARC policies, potential technical limitations, outdated email systems, DNS propagation issues, and the fact that receivers ultimately decide how to handle authentication failures, per DMARC.org and RFC specifications. Correct DMARC setup is vital, but constant monitoring of DMARC reports is equally critical to understand how BT is handling emails failing DMARC checks, and to be aware of potential implementation issues.
Key findings
- Mixed Test Results: bt.com accepted DMARC failing mail, while btinternet.com blocked mail due to SPF/DKIM failure, not DMARC.
- Engagement Implied: BT's documentation implies some support for DMARC, focused on sender authentication.
- Inconsistent Enforcement: ISPs, including those in the UK, might not strictly adhere to DMARC policies (quarantine, reject).
- Implementation Variations: DMARC interpretation/enforcement varies among providers; spam vs. block decisions differ.
- DNS & Other Factors: DNS propagation, technical constraints, and legacy systems can impact DMARC application.
- Receivers Rule: Receiving servers ultimately decide how to handle DMARC failures.
- Setup not Enough: Only setting up DMARC is not enough to validate its success
Key considerations
- Monitor DMARC Reports: Actively monitor DMARC reports, specific to btinternet.com, to see how they handle authentication failures.
- Verify Authentication: Ensure SPF and DKIM records are correctly configured to minimize authentication failures.
- Adaptive Strategy: Develop a flexible email strategy that addresses potential DMARC enforcement differences.
- Test Deliverability: Test email delivery to BT and btinternet.com addresses to verify DMARC policy application.
- Apply reject DMARC: Apply a reject policy as that may help to achieve better results
What email marketers say
9 marketer opinions
The enforcement of DMARC policies by BT (btinternet.com) is inconsistent. Some reports suggest BT may not strictly adhere to DMARC, especially quarantine or reject settings. The interpretation of DMARC policies varies among email providers; some might send emails to spam, while others block them. DMARC reports are crucial for understanding how different ISPs handle DMARC failures, providing insight into BT's practices. Correctly configured DMARC records are essential, with potential rejections if not set up correctly. Older email systems might not fully support DMARC. Inconsistencies in DMARC implementation and DNS propagation can also affect policy application. Therefore, vigilance and monitoring are needed to ensure effective email delivery.
Key opinions
- Inconsistent Enforcement: BT may not strictly adhere to DMARC policies, particularly quarantine and reject settings.
- Variable Interpretation: Email providers vary in how they interpret and enforce DMARC policies.
- Importance of Monitoring: Analyzing DMARC reports is crucial for understanding how ISPs handle DMARC failures.
- Record Configuration: Correctly configured DMARC records are essential to avoid rejections.
- Older Systems: Older email systems might not fully support DMARC.
- Authentication Issues: SPF and DKIM misconfigurations often lead to DMARC failures.
- DNS propagation: DNS propagation issues may cause DMARC application inconsistencies.
Key considerations
- Monitor DMARC reports: Regularly check DMARC reports to understand how BT handles emails failing DMARC checks.
- Test email delivery: Test email delivery to BT addresses to determine how DMARC policies are applied in practice.
- Ensure proper configuration: Verify that SPF and DKIM records are correctly configured to ensure DMARC authentication passes.
- Stay vigilant: Be vigilant as some corporate customers may not correctly follow DMARC records.
- Monitor Reputation: Monitor your sending reputation and volume with them, if you see sudden changes that could mean issues with deliverability and DMARC.
Marketer view
Email marketer from Email on Acid emphasizes the importance of analyzing DMARC reports to understand how different ISPs are handling emails that fail DMARC. This data can provide insights into BT's specific practices.
7 Oct 2024 - Email on Acid
Marketer view
Email marketer from EmailDrip highlights that DMARC failures often occur because of SPF or DKIM misconfigurations, causing authentication to fail. They also noted alignment issues are a main reason
12 Nov 2024 - EmailDrip
What the experts say
6 expert opinions
Tests on BT's domains (bt.com and btinternet.com) yield mixed results. bt.com accepted DMARC failing mail. However, btinternet.com blocked mail due to SPF failure and lack of DKIM, not directly due to DMARC. DMARC enforcement is complex and varies among providers, influenced by technical limitations. Simply setting up DMARC is insufficient; monitoring message handling is critical. Moving to a 'p=reject' policy is advisable to potentially improve spam filtering.
Key opinions
- Mixed Results: bt.com accepts DMARC failing mail, while btinternet.com blocked mail due to SPF/DKIM issues.
- Root Cause: Blockage on btinternet.com primarily caused by SPF failure and lacking DKIM, not a DMARC policy rejection.
- Enforcement Complexity: DMARC enforcement varies significantly among ISPs and mail providers due to technical factors.
- Setup Insufficient: Setting up DMARC is not enough; one must monitor how messages are handled.
Key considerations
- Implement DMARC 'p=reject': Consider moving to a 'p=reject' DMARC policy to enhance spam filtering.
- Check SPF/DKIM: Ensure SPF and DKIM are correctly configured to prevent deliverability issues.
- Monitor Delivery: Actively monitor email delivery and DMARC reports specific to btinternet.com to identify and address issues.
- Test DMARC: Run separate delivery tests to BT.com and BTinternet.com to see if they follow DMARC policies
Expert view
Expert from Email Geeks and Marketer from Email Geeks explain that the blockage was due to SPF failure, and not DMARC.
30 Mar 2024 - Email Geeks
Expert view
Expert from Email Geeks tested btinternet.com and found that they did block it. The message was rejected for policy reasons due to SPF failure and lacking DKIM.
1 Jul 2021 - Email Geeks
What the documentation says
4 technical articles
BT's documentation implies engagement with DMARC policies to manage spam and phishing, without explicitly stating full adherence. DMARC.org highlights that receivers ultimately decide how to handle authentication failures. RFC 7489 specifies receivers *should* follow DMARC, but exceptions exist. The UK NCSC notes potential inconsistencies in DMARC application among providers. Therefore, while DMARC provides a framework, consistent enforcement cannot be guaranteed.
Key findings
- Implied Support: BT's documentation suggests support for DMARC through its emphasis on authentication and anti-spam measures.
- Receiver Discretion: Receiving mail servers ultimately decide how to handle messages failing DMARC authentication.
- Recommendations: DMARC.org recommend monitoring DMARC reports to understand how receivers are processing your email
- SHOULD, Not MUST: RFC 7489 states receivers *should* follow DMARC, but exceptions can occur.
- Inconsistent application: The UK NCSC notes potential inconsistencies in application among different providers.
Key considerations
- Monitor DMARC Reports: Actively monitor DMARC reports to assess how BT handles authentication failures from your domain.
- Authentication Practices: Ensure strong authentication practices (SPF, DKIM) to minimize DMARC failures.
- Adaptive Strategy: Develop an adaptive email delivery strategy that accounts for potential variations in DMARC enforcement.
- Delivery Testing: Implement delivery testing to ensure successful authentication and placement in recipients inboxes
Technical article
Documentation from BT.com outlines best practices for postmasters and senders, indirectly implying DMARC support through emphasis on authentication and sender reputation. It mentions that BT actively manages its email infrastructure to protect customers from spam and phishing, suggesting an engagement with DMARC policies.
17 Jan 2024 - BT.com
Technical article
Documentation from UK Government NCSC covers general email security using protocols like DMARC. It mentions some providers might have inconsistent application due to technical implementation or other factors.
26 Oct 2023 - NCSC.gov.uk
How can I use DMARC to prevent spammers from using my domain?
Do Yahoo and Gmail require DMARC authentication for senders?
How can I ensure email compliance with Yahoo/Google rules including DMARC, SPF, and FcrDNS?
How do DMARC quarantine and reject policies affect sender reputation and email delivery?
How do DMARC policies and RUA/RUF settings inherit or override each other between a domain and its subdomains?
Do all email service providers support DMARC, and what does 'support' mean in this context?
What does DMARC loop detection mean and how to resolve it?
What are SPF, DKIM, and DMARC, and when are they needed?
How can I contact BT Internet about deliverability issues and what should I expect?
