[mschuster91]

The thing is, it's a mess to set up if you are not doing it correctly - which is all too easy if you are not doing this day-to-day.

Spammers however, they have an economic incentive to have experts set up SPF, DMARC and all the other crap to appear legitimate.

[tombrandis]

I think that this is overstated, it takes ~15 minutes to set up SPF and DMARC correctly and few people run their own email servers.

https://workaround.org/ispmail-trixie/anti-spoofing-dkim-spf...

[mcmcmc]

If you’re not capable of setting up DMARC correctly then it’s a safe assumption you aren’t capable of adequately securing your email server. Which is even easier to mess up with much higher consequences. Even if you are not intending to be a spammer, if your server gets pwned you will become an unwitting one.

[tiberious726]

I set up my orgs SPF/DKIM/DMARC (we self host, they have feelings about corporate data sovereignity...) it look about 30 min having never touched them before, and maybe another 15 to write an ansible playbook to rotate the keys.

We do have a _tremendous_ amount of spam fail these checks, as well as a few legitimate organizations.... Some of our peer companies have sent out notices that they will bounce anything that fail these checks in the coming years, and we're probably going to to do the same before too long.

It's trivially easy, and absolutely valuable