How does XS4ALL handle DMARC enforcement and DKIM signatures?
Summary
What email marketers say9Marketer opinions
Email marketer from Reddit explains that some providers, like XS4ALL, might treat DMARC policies with p=reject as p=none if DKIM is not implemented. This is because relying solely on SPF can lead to false positives with forwarding.
Email marketer from Mailhardener Blog explains that while not explicitly stated, XS4ALL likely prioritizes DKIM because it survives forwarding, and SPF often breaks upon forwarding. It's a common practice for receivers to be more lenient when DKIM is present.
Email marketer from MXToolbox Support details that while DMARC can technically work with only SPF, it is highly recommended to use DKIM alongside it for better authentication and deliverability. XS4ALL's actions reinforce this recommendation.
Email marketer from GMass explains that XS4ALLs policy promotes better overall security by encouraging people to use DKIM. It provides an extra layer of authentication for their email deliverability.
Email marketer from Email Geeks shares that domain reputation seems to feed negatively when DKIM is lacking.
Email marketer from Superuser Forum suggests that XS4ALL is encouraging best practices by prioritizing DKIM. They believe this makes the internet a slightly safer place. It encourages correct setup.
Email marketer from Quora points out that relying only on SPF for DMARC is risky because SPF is easily broken by forwarding. XS4ALL's policy is a way to mitigate these risks for their users.
Email marketer from StackExchange explains that XS4ALL’s approach encourages senders to properly implement DKIM, which is the more reliable authentication method. This benefits the overall email ecosystem.
Email marketer from EmailSecurityAnswers Forum shares that XS4ALL's approach prevents legitimate forwarded emails from being rejected due to SPF failures. They suggest it's a pragmatic approach, balancing security and deliverability.
What the experts say4Expert opinions
Expert from Email Geeks responds that it’s mostly nice that they’re publicly saying “hey, y’all, we’re doing the smart thing” rather than silently doing the smart thing.
Expert from Email Geeks explains that DMARC enforcement at XS4ALL is interesting because they will not reject for DMARC failure if there is no DKIM signature. If you’re relying on SPF for DMARC and you have a quarantine or reject policy, they ignore any policy statements and treat it as p=none. (based on a statement from them on mailop)
Expert from Word to the Wise recommends configuring DKIM alongside SPF for DMARC implementation. They mention that DKIM survives forwarding while SPF often breaks when forwarding email. They recommend testing your DKIM records before implementing them.
Expert from Spam Resource explains that it is important to publish a DMARC record even if you think you are only using SPF for authentication. Using DKIM with DMARC can lead to an improvement in email deliverability and reduce issues.
What the documentation says5Technical articles
Documentation from RFC 7489, the official DMARC standard, specifies that receivers can choose to ignore the sender's DMARC policy under certain circumstances. XS4ALL's behavior aligns with this flexibility allowed in the standard.
Documentation from DMARC.org highlights that DMARC relies on SPF and DKIM. While SPF can have issues with forwarding, DKIM provides a robust authentication method that persists even when an email is forwarded, making it a crucial component of a DMARC setup.
Documentation from Google Workspace Admin Help emphasizes that both SPF and DKIM are essential for DMARC to function effectively, providing comprehensive protection against email spoofing and phishing. Google recommends using both.
Documentation from XS4ALL Support Pages explains that they strongly encourage the use of DMARC to protect against email spoofing. They advise setting up SPF and DKIM correctly as a prerequisite for DMARC.
Documentation from Microsoft explains that DMARC uses SPF and DKIM to verify the authenticity of email messages and provides instructions for configuring these protocols to enhance email security and prevent spoofing. While they do not comment specifically on XS4ALL it is a general view.