DMARC Compliance of Auto-Generated Emails

Auto-generated emails, also known as automatic responses, are emails that are generated and sent by your email server. Some of the most common types are:

  • Out of the office, or vacation notices.
  • Change of address.
  • Service responders.
  • NDR (Non-Delivery Receipt) responses.

According to RFC 2298, the return-path of these auto-generated emails MUST be null, which ensures that no ‘Delivery Status Notification’ messages are sent back in response. In this case the message can be assumed to be generated by the mail server itself, so for the SPF check the EHLO/HELO hostname is used in place of the return-path.

SPF Compliant

The SPF check for these auto-generated emails is performed against the EHLO/HELO hostname, and it will only pass if an SPF record is configured on that hostname and includes the sending IP address.

DMARC Compliant

If the sender domain has a DMARC record configured, the HELO hostname MUST be changed/rewritten to be a subdomain of the sender domain. The SPF alignment check then passes, and therefore DMARC passes. Read more about DMARC alignment here.

DKIM workaround

If changing/rewriting the HELO name is not possible, the DKIM key of the domain can be used to sign these emails on the email gateway. The option “Signing emails with no envelope address” must be enabled.
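
The SPF, DMARC and DKIM cases above, worked through as an added example (not part of the original page): it picks the identity SPF evaluates for a null return-path and checks alignment against the From domain. The host names, the small PUBLIC_SUFFIXES set standing in for the Public Suffix List, and the SPF/DKIM verdicts passed in as inputs are all assumptions made for illustration.

```python
# Added example: DMARC outcome for an auto-generated email (null return-path).
# Assumption: this small constructed set stands in for the Public Suffix List.
PUBLIC_SUFFIXES = {"com", "net", "org", "co.uk"}

def org_domain(domain):
    """Organizational domain: longest matching public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])  # fallback when no suffix is known

def aligned(auth_domain, from_domain, strict=False):
    """Strict alignment needs an exact match; relaxed compares org domains."""
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def spf_identity(mail_from, helo):
    """With a null return-path, SPF is evaluated against the HELO hostname."""
    if mail_from.strip() in ("", "<>"):
        return helo
    return mail_from.strip("<> ").rsplit("@", 1)[-1]

def dmarc_result(from_domain, mail_from, helo, spf_pass,
                 dkim_pass_domains=(), aspf_strict=False, adkim_strict=False):
    """spf_pass and dkim_pass_domains are verdicts already made by the receiver."""
    spf_dom = spf_identity(mail_from, helo)
    spf_ok = spf_pass and aligned(spf_dom, from_domain, aspf_strict)
    dkim_ok = any(aligned(d, from_domain, adkim_strict) for d in dkim_pass_domains)
    return {"spf_domain": spf_dom, "spf_aligned": spf_ok,
            "dkim_aligned": dkim_ok, "dmarc": "pass" if spf_ok or dkim_ok else "fail"}

if __name__ == "__main__":
    cases = {  # constructed host names and verdicts
        "provider HELO, SPF pass": dict(helo="mx1.mailhost.net", spf_pass=True),
        "rewritten HELO, SPF pass": dict(helo="bounce.example.com", spf_pass=True),
        "rewritten HELO, aspf=s": dict(helo="bounce.example.com", spf_pass=True,
                                       aspf_strict=True),
        "provider HELO, DKIM signed": dict(helo="mx1.mailhost.net", spf_pass=True,
                                           dkim_pass_domains=["example.com"]),
    }
    for name, kw in cases.items():
        print(name, "->", dmarc_result("example.com", "<>", **kw))
```

The third case shows that a subdomain HELO name aligns only under relaxed SPF alignment; with `aspf=s` in the DMARC record the HELO name would have to match the From domain exactly, which leaves DKIM signing as the aligned identifier.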

Configuring SPF/DKIM for the auto-generated emails can be tricky.