Can I set DMARC to tell the receiver to fail if no DKIM signature is provided in the email?

I set up SPF, DKIM and DMARC for my email server. I built my own mail server on my personal computer.

Then I disabled DKIM signing and sent an email to Gmail. Gmail shows SPF pass and DMARC pass and tells me it's a normal/good email.

So my question is, can I in some way change my DMARC value in the DNS record so as to tell Gmail (and others) to reject or quarantine my email if a DKIM signature is not provided?

Again, I know:

  • sender IP doesn't match, SPF failed
  • DKIM signature is provided but invalid, DKIM failed

I want:

  • DKIM signature is not provided, DKIM failed or DMARC failed. (Anyway, I want the receiver to mark that email as a bad/fake/spam one.)

The reason why I want this is because:

If my ISP impersonates me, it can send emails on my behalf, since it can pass the SPF check.

If DKIM signature can be set to a must requirement, then my ISP can't do that, because only I have the private key of DKIM signature. (Assuming the DNS record is not spoofed on the receiver side).

related: How to prevent ISP impersonating me to send email?


Solution 1:

Set SPF record v=spf1 ?all and DMARC record v=DMARC1;p=reject;. That way the SPF check will always return NEUTRAL regardless of the sender IP, so the only emails that will pass the DMARC check and be delivered are the ones signed with a valid DKIM key, as DMARC PASS requires either SPF or DKIM to pass.
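
The evaluation logic behind this answer, as an added example that is not part of the original answer: a minimal SPF evaluator plus the DMARC "SPF or DKIM must pass and align" rule, run against an IP-authorizing record and against v=spf1 ?all. The domain example.com, the address 203.0.113.10 and the IP-authorizing record are constructed sample values, and alignment is simplified to an exact domain match.

```python
import ipaddress

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

def spf_result(record, sender_ip):
    """Minimal SPF evaluation: only ip4/ip6 and all mechanisms are handled."""
    ip = ipaddress.ip_address(sender_ip)
    for term in record.split()[1:]:            # skip the "v=spf1" tag
        qualifier = "+"                        # default qualifier is pass
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, value = term.partition(":")
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(value, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
    return "neutral"                           # nothing matched

def aligned(domain, from_domain):
    # Simplification: strict alignment (exact match); relaxed mode would
    # compare organizational domains instead.
    return domain.lower() == from_domain.lower()

def dmarc_outcome(from_domain, spf, spf_domain, dkim_sigs, policy):
    """Return 'pass', or the policy action when neither mechanism passes aligned."""
    spf_ok = spf == "pass" and aligned(spf_domain, from_domain)
    dkim_ok = any(r == "pass" and aligned(d, from_domain) for d, r in dkim_sigs)
    return "pass" if spf_ok or dkim_ok else policy

def scenario(spf_record, dkim_sigs, sender_ip="203.0.113.10"):
    # Constructed values: example.com is the sending domain and 203.0.113.10
    # is an address both the owner's server and the ISP can send from.
    spf = spf_result(spf_record, sender_ip)
    return spf, dmarc_outcome("example.com", spf, "example.com", dkim_sigs, "reject")

if __name__ == "__main__":
    signed = [("example.com", "pass")]
    for record in ("v=spf1 ip4:203.0.113.10 -all", "v=spf1 ?all"):
        print(record, "| unsigned:", scenario(record, []),
              "| signed:", scenario(record, signed))
```

With the IP-authorizing record an unsigned message still passes DMARC through SPF alone, which matches what the question observed in Gmail; with ?all only a message carrying an aligned, valid DKIM signature passes.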