DMARC builds on both DKIM and SPF. This white paper explains them in a bit more detail:
http://www.mcafee.com/us/resources/solution-briefs/sb-spf-dkim-dmarc-demystified.pdfQuick summary, SPF basically puts in DNS records that other mail servers use to verify that mail from your host is coming from the right IP. DKIM goes further by adding some signing to the outbound e-mails via public/private encryption schemes. The public key is stored in DNS as a TXT record. It was a bit more involved to set up, but it seems to have helped my domain a lot. Fixing my broken SPF setup and adding DKIM put a stop to GMail rejecting some messages from my domain. DKIM helps prevent some possible spoofing attacks that SPF wouldn't.
Looks like I ended up using this service to verify my DKIM setup, and their page shows some useful tidbits to look for in e-mail headers:
http://mail.appmaildev.com/en/dkim/I was emailing in and out of my domain to my iCloud, GMail, and Yahoo mail accounts to see the headers both ways during the DKIM setup.
Blacklist wise, it looks like this site will search a bit over 100 different mail blacklists to see if your domain or IP is on any of them:
http://mxtoolbox.com/blacklists.aspxMuch of the silent failures without bounce backs are using the mail blacklists to drop mail. The idea is the SMTP server rejects the connection before the message even fully comes through. CPU usage wise, it's minor as it's several DNS lookups that can easily be cached too. It's far lower impact with much higher benefits then full on accepting the message, scanning it, and generating a bounce back response.
Previous Topic
Index
