On Tuesday 9 January 2024 we will activate DMARC with SPF for all municipalities in the geographic name tree. We do this in order to increase the security and counteract emails with a forged sender address.

All of the affected municipalities are listed in the Domain name policy for .no, appendix B. In addition to this list, oslo.no will also be affected.

The change has no practical consequence for those administrating domain names for Norwegian municipalities.

What is DMARC and SPF?

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a protocoll which gives the subscriber of a domain name the possibility to protect the domain name against unauthorised use of unknown email servers. DMARC is described in the technical document RFC7489.

It is recommended to use DMARC with one of the underlaying standards Sender Policy Framework (SPF) (RFC 7208) and Domain Keys Identified Mail (DKIM) (RFC 6376).

For domain names that are not used for sending email, the standard recommends that you use Sender Policy Framework (SPF) to indicate that no email is sent from the domain name.

What will Norid add?

In the zone file for each of the domain names Norid will add two TXT posts. One for SPF and one for DMARC. These will look like this:

<municipal>.no.              IN     TXT         "v=spf1 -all"
_dmarc.<municipal>.no.      IN      TXT        "v=DMARC1; p=reject; sp=none"

This will contribute to prevent abuse of these domain names, without affecting email distribution from sub domains.

DMARC and SPF is recommended by the authorities

DMARC is a recommended IT-standard for the Government and the municipalities in order to prevent emails with a forged sender address. The Norwegian Digitalisation Agency (Digdir) has included DMARC as a recommended standard in the reference catalogue for IT standards (in Norwegian only).

DMARC is also recommended by The Norwegian National Security Authority (NSM) as a protection mechanism for transfer of email between email servers.

Published: 18 December 2023