Question
Incoming mail has not been validated according to DMARC policies (SPF and DKIM). I'm trying to prevent mail address spoofing.
Does cPanel perform DMARC validation on received/incoming emails?
Answer
Unfortunately, cPanel's MTA Exim doesn't perform the validation for DMARC on cPanel servers by default. This functionality has been requested on the feature request website.
Please vote for this option and show interest at the below URL.
Add DMARC to the Email Authentication UI
Alternatively, the workaround for when the sender doesn't match is to Enable SpamAssassin.
SpamAssassin has the ability to mark similar emails as Spam emails. After it is marked as Spam, it can be auto discarded or moved into the spam box.
Note: SpamAssassin settings may need to be modified or tuned to match the emails in question effectively.
If SpamAssassin isn't an option for the server in question, emails that fail DKIM validation can be rejected by enabling the below setting.
Exim Configuration Manager - Basic Editor - ACL settings
