XfinityAlex's profile

Official Employee

919 Messages

Monday, June 17th, 2024 5:44 PM

Closed

Notice: DMARC Policy for comcast.net

Around July 15th, 2024, Comcast will change the DMARC record for Comcast.net to provide more protection for Comcast email users.

Most importantly, this will have no impact on users currently using Xfinity Connect (Webmail) or third-party email clients (Outlook, Thunderbird, etc.) utilizing the standard Comcast email settings.

We intend to change the DMARC record to a policy of quarantine for the primary domain and to reject for subdomains. Today, those policies are none and quarantine respectively. This means that if someone is using comcast.net in the "Friendly From" and is sending through an unapproved system, those messages should be treated as undesirable (most likely placed in the spam folder) by a system that receives those messages, and properly evaluates DMARC and its dependencies.

Generally, DMARC (RFC7489) is used to help defend against direct domain (RFC5322) impersonation.  It relies upon SPF and DKIM to authenticate messages.   The mechanism includes a policy to inform receivers how to handle messages when there is no valid authentication. There is also a reporting component to allow domain owners to understand when others are attempting to improperly use their domain.

Official Employee

11 days ago

Around May 15th, we updated the DMARC policy for comcast.net to be a "reject" policy. This means if you're sending through a third-party service (Gmail, etc.), and they are unable to provide proper authentication, the message is unlikely to be accepted at major providers who honor DMARC policies. Prior to this date, the policy was "quarantine" and messages would have likely still been delivered. As the policy is now reject, the receiving site should refuse the messages. If you would like to use your "comcast.net" address to send email, it is recommended that you send these messages via our Xfinity Connect webmail platform, or configure a third-party client and send via the comcast.net systems (https://www.xfinity.com/support/articles/email-client-programs-with-xfinity-email).

This is to help protect the domain from direct-domain impersonation, and cut down on the amount of phishing and so on. It's not a cure-all, though; it is part of a larger security endeavor.

Xfinity is not the only entity to use this policy with consumer domains (comcast.net), and another large-scale example would be yahoo.com.
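
Added example, not part of the posts above and not Comcast code: a receiver-side sketch of how the three policy stages described in this thread change the requested handling of a message whose From domain is comcast.net or one of its subdomains. The record strings are constructed from the policies the posts name (not copied from DNS), `mailer.example` is a hypothetical third-party sender, and the sketch assumes comcast.net is the organizational domain (no Public Suffix List lookup) and ignores the `pct` tag.

```python
# Constructed records matching the policies named in the posts (not DNS copies).
RECORDS = {
    "before_2024": "v=DMARC1; p=none; sp=quarantine",
    "july_2024": "v=DMARC1; p=quarantine; sp=reject",
    "reject": "v=DMARC1; p=reject; sp=reject",
}

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag dict and check the mandatory tags."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or tags.get("p") not in ("none", "quarantine", "reject"):
        raise ValueError("not a usable DMARC record")
    return tags

def _in_org(domain, org_domain):
    return domain == org_domain or domain.endswith("." + org_domain)

def aligned(auth_domain, from_domain, org_domain, mode):
    """Strict ('s') needs an exact match; relaxed ('r') needs the same org domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return _in_org(a, org_domain) and _in_org(f, org_domain)

def disposition(record, from_domain, spf=None, dkim=None, org_domain="comcast.net"):
    """spf / dkim: the domain that passed that check (MAIL FROM / d=), or None.

    Returns "pass" when either mechanism passed AND aligns with the From
    domain; otherwise the policy the domain owner asks receivers to apply.
    """
    tags = parse_dmarc(record)
    spf_ok = spf is not None and aligned(spf, from_domain, org_domain, tags.get("aspf", "r"))
    dkim_ok = dkim is not None and aligned(dkim, from_domain, org_domain, tags.get("adkim", "r"))
    if spf_ok or dkim_ok:
        return "pass"
    # Subdomains use sp= when present, falling back to p=.
    is_subdomain = from_domain.lower() != org_domain
    return tags.get("sp", tags["p"]) if is_subdomain else tags["p"]

if __name__ == "__main__":
    for stage, rec in RECORDS.items():
        # Third-party service: SPF and DKIM pass, but only for its own domain.
        print(stage, disposition(rec, "comcast.net", spf="mailer.example", dkim="mailer.example"))
```

SPF and DKIM both "passing" for the third-party service's own domain does not help, because DMARC requires the passing domain to align with the From domain.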
