DMARC - How is it a contact us nightmare?
Just about every website has a contact us form, so if you have one, pay attention. If you don't know what DMARC
is, then read up on it here: DMARC Information
DMARC stands for "Domain-based Message Authentication, Reporting & Conformance". It's an email authentication protocol that lets a domain owner tell receiving mail servers to reject (or quarantine) messages that claim to come from that domain but were not sent through servers the owner has authorised via SPF or DKIM. That is what prevents fraudulent emails from being sent on your behalf. Now suppose a potential customer at "firstname.lastname@example.org" has a DMARC policy published for example.org, goes to your contact us page and tries to contact you, and the mail server that receives your contact-form mail checks DMARC. It will reject the message.
WHOA, Why is it rejecting the message?
Let's take, for example, some very common PHP code that many websites use on their contact us form. The same mistake can be made in every programming language.
<?php
// The broken pattern: the visitor's address is used as the From header, and the
// code also tries to make it the Return-Path (envelope sender).
$from = "From: $name<$email>\r\nReturn-path: $email";
$subject = "Message sent using your contact form";
mail("email@example.com", $subject, $message, $from);
If you already figured it out, good for you; if you haven't, let's walk through it.
A visitor comes to your website and wants to ask a question about something you're selling. They open your "Contact Us"
form, type in their name, email, and message, and hit send. Your website then connects to your mail server and sends an email using the visitor's address as the From header.
The visitor's ESP ("Email Service Provider") has DMARC
turned on with a p=reject policy, and the mail server that receives your contact-form mail (your own ESP) checks DMARC on incoming messages. Your ESP sees that the message claiming to be from firstname.lastname@example.org was not sent by a server authorised for example.org, so the From domain fails DMARC and the email is rejected.
Uh Oooo, you just lost out on a potential customer or contact.
True story, that's what I did: I went to a company's website and used their contact us form to email them a question about something they were selling. A few minutes later I received this.
host gmail-smtp-in.l.google.com [2a00:1450:4013:c01::1a]
SMTP error from remote mail server after end of data:
550-5.7.1 Unauthenticated email from unlocktheinbox.com is not accepted due to
550-5.7.1 domain's DMARC policy. Please contact administrator of unlocktheinbox
550-5.7.1 .com domain if this was a legitimate mail. Please visit
550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about DMARC
550 5.7.1 initiative. by8si8516828wjb.40 - gsmtp
I was shocked; this company just lost a sale.
They have no idea that GMAIL is honoring my DMARC record. A lot of people assume things just magically work. Setting up, configuring, and understanding how email works is important, so test your email configuration and setup by sending an email to "email@example.com"
So how do we fix this?
It's very simple: the From header and the Return-Path (the envelope sender) should be your own email address, and you should put the customer's email address in the Subject line, the body of the message, or the Reply-To header. This way the message comes from you and not the customer, your server is sending for a domain it is actually authorised for, and you pass all email authentication checks, including SPF.
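The following Python script is an added example, not code from the original post. It builds the contact-form notification both the broken way (visitor in From) and the fixed way (site address in From, visitor in Reply-To, Subject and body), and adds a simplified DMARC alignment check so you can see why the first variant bounces and the second does not. All addresses are constructed placeholders taken from the post's own examples; org_domain() uses the last two labels instead of the Public Suffix List, which is an approximation of what real DMARC evaluators do. It also refuses CR/LF in visitor input, since anything a visitor types that lands in a header can otherwise be used to inject extra headers.

```python
"""Contact-form notification headers and a DMARC alignment check.

Added example; not code from the original post. Every address and domain
here is a constructed placeholder taken from the post's own examples.
"""
from email.message import EmailMessage
from email.utils import formataddr, parseaddr

# Assumption: the site's own mailbox, on the domain its MTA is authorised
# to send for (SPF record / DKIM key published for example.com).
SITE_ADDRESS = "email@example.com"


def _header_safe(value: str) -> str:
    """Refuse CR/LF in visitor-supplied header values so a visitor cannot
    inject extra headers (e.g. Bcc:) into the outgoing message."""
    if "\r" in value or "\n" in value:
        raise ValueError("header value must not contain line breaks")
    return value.strip()


def build_contact_message(visitor_name: str, visitor_email: str, body: str,
                          site_address: str = SITE_ADDRESS,
                          spoof_visitor: bool = False) -> EmailMessage:
    """Build the mail a contact form sends to the site owner.

    spoof_visitor=True reproduces the broken pattern from the post: the
    visitor's address is placed in From, so the message claims to come from
    a domain your server is not authorised for.  The default (False) is the
    fix: From is the site's own address and the visitor goes into Reply-To,
    the Subject and the body.
    """
    visitor_name = _header_safe(visitor_name)
    visitor_email = _header_safe(visitor_email)
    msg = EmailMessage()
    if spoof_visitor:
        msg["From"] = formataddr((visitor_name, visitor_email))
    else:
        msg["From"] = formataddr(("Website contact form", site_address))
        msg["Reply-To"] = formataddr((visitor_name, visitor_email))
    msg["To"] = site_address
    msg["Subject"] = f"Message sent using your contact form ({visitor_email})"
    msg.set_content(f"Sent by: {visitor_name} <{visitor_email}>\n\n{body}")
    return msg


def envelope_sender(msg: EmailMessage) -> str:
    """The SMTP MAIL FROM (what the receiver records as Return-Path). With the
    fix this is the site's own address; pass it as from_addr to
    smtplib.SMTP.send_message(). With the broken pattern it is the visitor."""
    return parseaddr(msg["From"])[1]


def org_domain(domain: str) -> str:
    """Approximate organisational domain (last two labels). Real DMARC
    evaluators use the Public Suffix List; this is a simplification."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def dmarc_from_aligned(msg: EmailMessage, authenticated_domain: str,
                       strict: bool = False) -> bool:
    """Does the RFC5322.From domain align with the domain that passed SPF or
    DKIM at the receiver? Relaxed mode compares organisational domains,
    strict mode requires an exact match. No alignment plus p=reject is the
    550 5.7.1 bounce quoted in the post."""
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    auth = authenticated_domain.lower()
    if strict:
        return from_domain == auth
    return org_domain(from_domain) == org_domain(auth)


if __name__ == "__main__":
    # Constructed visitor on the post's example domain.
    broken = build_contact_message("Jane Doe", "firstname.lastname@example.org",
                                   "Is this item in stock?", spoof_visitor=True)
    fixed = build_contact_message("Jane Doe", "firstname.lastname@example.org",
                                  "Is this item in stock?")
    # Your MTA authenticates as example.com (SPF/DKIM), never as example.org.
    print("broken aligned:", dmarc_from_aligned(broken, "example.com"))  # False
    print("fixed aligned: ", dmarc_from_aligned(fixed, "example.com"))   # True
    print(fixed.as_string())
```

The PHP equivalent of the fixed branch is to build the headers as "From: Website contact form <email@example.com>\r\nReply-To: $name <$email>" (after rejecting any CR or LF in $name and $email) and, if your mail() setup uses sendmail, pass "-femail@example.com" as the fifth argument so the envelope sender is your own address too.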
Source: Unlock The Inbox