I've got multiple domains hosted on a single Linode instance. As a result of some routine anti-spam checking the wonderful mxtoolbox (no affiliation) reports this:
DMARC External Validation External Domains in your DMARC are not giving permission for your reports to be sent to them.
The domain in question publishes this TXT record:
_dmarc "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected];"
mailserver.net publishes the following as a TXT record (key/value pairs shown):
*._report._dmarc.mailserver.net "v=DMARC1;"
which, as far as I can tell, ticks all the boxes.
What have I missed?
MTIA
*
supposed to mean?dig TXT orgdomain.tld._report._dmarc.mailserver.example.
) used and output of the relevant lookup that makes you believe the record is configured the way you think. You may mask private details that identify you (globally routable IP addresses, DNS names), but make sure it stays consistent.*
is the DNS wildcard. It doesn't mean anything except just itself and exists as is in a zonefile._report._dmarc.mailserver.net
listed? This also breaks any lookups that share the tld of that domain in my opinion. More on wildcards in DNS at datatracker.ietf.org/doc/html/rfc4592#section-2.2