All Questions
126
questions
0
votes
1
answer
65
views
Trying to figure out a DMARC/DKIM situation
I recently helped a friend implement DMARC/DKIM/SPF and got a report that makes no sense to me.
Their domain is hosted on SquareSpace, they use Google Apps for email, and Mailchimp for mailing lists. ...
1
vote
1
answer
117
views
Understanding DMARC report - DKIM pass on SPF fail
I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>...
0
votes
0
answers
70
views
What are these DMARC failures about?
I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
3
votes
1
answer
533
views
How to get SPF alignment to pass DMARC for a subdomain?
I have the following DNS configuration:
$ dig +noall +answer -t txt example.com
example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all"
$ dig +noall +...
0
votes
0
answers
176
views
This relay isn't allowed to send mail "From" gmail.com
I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
-1
votes
1
answer
88
views
Phishing email but with SPF, DKIM and DMARC in "PASS" status
I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...
0
votes
1
answer
554
views
SPF spf.protection.outlook.com is invalid for messages within tenant
When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...
0
votes
2
answers
443
views
Why does my DMARC report from Google have "<dkim>fail</dkim>" when all auth_results have "pass"
We're using Microsoft 365 (outlook.office.com) for our company emails and have had DKIM set up for a while, but recently added a DMARC record. I now got a DMARC report from Google where every record ...
0
votes
2
answers
122
views
Should we add SPF records of popular email providers?
DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers.
DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
0
votes
0
answers
176
views
DMARC and Postfix delivery reports
I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look ...
0
votes
2
answers
150
views
A Non-MX mail server + Google Workspace, is this viable?
I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
0
votes
1
answer
947
views
Should HELO, MAILFROM and From use the same domain?
I configured a mail server a couple of times before and I believe back then I thought
that the answer is "yes."
But I'm about to configure another one, and it seems that I was wrong. Let's ...
0
votes
0
answers
42
views
Getting Spoofed - DMARC , DKIM and SPF are properly setup (AFIK)
I have been testing my DMARC policy for some weeks and I ran into this issue. Background:
SPF - setup and working
DKIM - set up and working (AFIK)
DMARC - set up and working - looking for alignments ...
0
votes
1
answer
167
views
Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?
I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
0
votes
2
answers
2k
views
How to setup DMARC for both AWS SES and Office 365
I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
1
vote
2
answers
3k
views
Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?
I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
0
votes
1
answer
80
views
DKIM and how it relates to DMARC reports
I've been tasked with setting up DKIM, SPF and DMARC for a business. I come from more of a development background, so as a result, I've been a bit confused on how to interpret the DMARC reports I'm ...
-1
votes
1
answer
818
views
DNS Records - CNAME
Quite newbie, so sorry any unconnected data. I am creating a DKIM and SPF records to emulate DMARC as a workaround. An external vendor of us, want to send emails under our domain using a subdomain.
I ...
2
votes
1
answer
741
views
How do i receive DMARC reports with external domains that i have no permission to control
I want to receive reports with gmail or outlook or anything else that i have no permission to add (mydomain.com)._report._dmarc.(gmail|outlook).com as a record. What i can do?
Example just like:
v=...
0
votes
1
answer
786
views
DKIM E-Mail verification - prevent receivers from accepting unsigned emails?
I have set up SPF, DKIM and DMARC in my domain (to the best that I can figure out), but I still can send spoofed emails - without a DKIM signature - and they are accepted (at least when I test with ...
1
vote
1
answer
359
views
I setup DMARC p=reject on server but now I can't send via gmail to gmail (using server email From address)
Did I shoot myself in the foot ?
I mainly use gmail to send and receive emails. Support etc. My default 'send email as' profile is not the gmail address itself but an address on my server (also the ...
1
vote
2
answers
343
views
Should we enhance DMARC to allow aligned DKIM enforcement?
Currently, DMARC only requires aligned DKIM or SPF.
However spoofing SPF is relatively simple for an experienced hacker:
You should only control a single IP address in the often large SPF range of e-...
1
vote
2
answers
207
views
I don't understand DMARC reports regarding my policy
My DMARC settings seems to not work as expected.
First, a few things to note:
The domain is mydomain.com (not the real one obviously) ;
The domain and mail provider is gandi.net ;
I use Amazon SES to ...
1
vote
3
answers
501
views
SPF FAIL but DKIM PASS with my own domain
I do not understand the fail results in the following google DMARC report to our domain.
I understand that the SPF fails because the IP address is not ours but if so, how come DKIM passes?
<...
2
votes
1
answer
927
views
DKIM & SPF Allignment for Subdomains
We have a primary domain name example.com that has both adkim=s and aspf=s defined in its DMARC policy. Now, we have multiple subdomain names for this primary domain, such as postman.example.com. The ...
2
votes
1
answer
4k
views
DMARC record is valid, but your domain's None/Quarantine policy does not yet protect it against email spoofing and phishing
People,
Using the website: https://easydmarc.com/tools/dmarc-lookup?domain=name.com
I got this error:
DMARC record is valid, but your domain's None/Quarantine policy does
not yet protect it against ...
0
votes
1
answer
1k
views
Network Solutions DNS not always returning DKIM and SPF records
If there is a more appropriate place to ask this or it is a duplicate, please tell me.
I have a client who hosts their domains with Network Solutions. Some of their emails were bouncing due to ...
2
votes
1
answer
304
views
(Why) Would email servers stop sending DMARC reports because of DKIM?
I have a personal email server I've been running for years; very seldom has there been a problem with sending mail and so I've never really got up to speed with things like SPF, DMARC, and DKIM. ...
1
vote
2
answers
219
views
Does this report mean someone is attempting to send emails fraudulently or that I have things configured wrong?
Pretty new to spf/dkim and dmark.
After setting this up just this morning I already got a report on a new website. Our service eamils our users via sendgrid and the rest of the emails are sent from ...
0
votes
0
answers
176
views
postfix to gmail silent delivery failure
With the impending turndown of free hosted Google workspace accounts, I'm trying to install my own mail server using postfix/dovecot/opendkim. Mostly, it's working and for many of the services I've ...
17
votes
3
answers
8k
views
SPF/DKIM/DMARC for Gmail "Send mail as" via smtp.gmail.com on external domain
Since "Google Apps" / "Google Apps for business" / "G-Suite" / "Google Workspaces" free tier is being discontinued, I need a solution to migrate my ~30 extended ...
0
votes
1
answer
2k
views
How can it be possible dkim fails whereas spf pass
I have set up a postfix which sends emails.
I have configure spf, dkim and dmarc (with p=none).
I have checked with mail-tester: spf and dkim work fine.
I have set up a dmarc rua in order to receive ...
3
votes
1
answer
2k
views
How is this email passing DMARC?
Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.)
This is disturbing, as it shows as "from foo.com", yet the sender ...
0
votes
1
answer
598
views
How do I add individual mail-sending websites to my SPF record?
My company, which sends @example.co email from Google Workspace, HubSpot, and Salesforce, has the following SPF record in DNS:
v=spf1 include:_spf.google.com include:_spf.salesforce.com
include:...
2
votes
1
answer
2k
views
Why do I get DMARC aggregate reports with no reported failures (G Suite + Amazon SES)?
Domain: franzoni.eu
Such domain leverages G Suite (grandfathered free version) for receiving mail, but for various reasons (I prefer not to create users for M2M SMTP on G Suite, and I cannot use SMTP ...
6
votes
2
answers
4k
views
Why does spf fail in DMARC report from Google?
I recently received a DMARC report from Google alerting me of a few SPF failures with mail originating from IP addresses belonging to Amazon SES. A sample record is as follows (I have replaced our ...
6
votes
1
answer
4k
views
Mail from Teams forwarded to Gmail marked as spam due to DMARC failure
When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account ([email protected]) when she is offline in Teams. The receiver set it up so that all ...
5
votes
1
answer
6k
views
why is this DMARC failing verification?
I get a 6.1/10 score on mail-tester.com, where the DMARC verification is the only relevant penalty (-3).
* Your DKIM signature is valid
* Your message failed the DMARC verification
A DMARC policy ...
3
votes
0
answers
694
views
Google G Suite DMARC + SPF + DKIM for user domain aliases fail Google Admin Toolbox CheckMX
I have set up the above in my Google's old G-Suite account for a User Domain Alias but am still getting two warning messages:
https://webcoder.co.uk
There were some non-critical problems detected with ...
0
votes
1
answer
2k
views
DMARC appears to fail, multiple DKIM signatures with one matching the from address
I am using a free outlook account. In the outlook account management portal I have added an alias for my custom domain ([email protected]). With this I am able to send mails from this alias, ...
0
votes
0
answers
1k
views
DMARC, DKIM, or SPF? Emails going into quarantine
I have never had to deal with DKIM, DMARC, or SPF records before; however, our SPF record is full (10, Cloudflare) and I have a vendor whose emails aren’t making it to our mailboxes.
I made ...
0
votes
1
answer
123
views
DMARC report with passing O365 DKIM signature being sent by Google server
The dmarc report values are as follows:
dkim_domain : mydomain.onmicrosoft.com
dkim_result : pass
selector : selector1-mydomain-onmicrosoft-com
header_from : mydomain
spf_domain : mydomain
spf_result :...
0
votes
1
answer
185
views
Send each email from a different subdomain?
There are clearly benefits of using a subdomain for sending email to protection domain reputation, but is this always true? What about the extreme case, where a spam domain sends every email from a ...
0
votes
1
answer
96
views
Is everything OK based on this DMARC report?
Do I understand it correct that everything is OK and I have both SPF and DKIM configured correctly based on this report from Google?
<?xml version="1.0" encoding="UTF-8" ?>
&...
6
votes
1
answer
637
views
Is email deliverability impossible with a .name email address?
I have a dot name domain. .name is an odd TLD: they originally only offered third level domains, eg first.last.name, so that more people could get their own name. They also included the first@last....
1
vote
1
answer
3k
views
Forward messages to Gmail (postfix+SRS) has DMARC failure even though SPF and DKIM succeed
I run my own domain, but forward many email addresses to my gmail account. Recently, I started seeing a lot of messages marked by gmail as spam. I have SPF set for my outgoing email, and use SRS to ...
7
votes
2
answers
7k
views
DMARC fail, but DKIM and SPF are passing
I am using AWS SES (in sandbox mode) to send an email to a GMail address.
Unfortunately it gets flagged as spam.
Google is nice enough to tell me in the message details that it is a DMARC failure
I ...
1
vote
1
answer
2k
views
Windows DNS and long DKIM keys
One of our third party services that we sends as provided us with a DKIM record that is longer than 255 characters and they won't provide a shorter one. How do I properly use what they've provided ...
2
votes
1
answer
957
views
DKIM Key Rotation Best Practices
Do you find it necessary to regenerate your DKIM keys every 1-6 months to avoid your mail going into the receiving servers' junk mail folder?
Some guides recommend this, some even say it's "Best ...
1
vote
1
answer
3k
views
emails to Yahoo are ending up in SPAM folder despite spf=pass, dkim=pass and dmarc=pass
Are we possibility having a reputation problems with Yahoo emails?
Yahoo raw mail header finds my policy I published: dmarc=success(p=REJECT,sp=REJECT)
Emails to clients at Google and Outlook are not ...