Skip to main content

Questions tagged [dmarc]

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.

61 questions with no upvoted or accepted answers
Filter by
Sorted by
Tagged with
3 votes
0 answers
694 views

Google G Suite DMARC + SPF + DKIM for user domain aliases fail Google Admin Toolbox CheckMX

I have set up the above in my Google's old G-Suite account for a User Domain Alias but am still getting two warning messages: https://webcoder.co.uk There were some non-critical problems detected with ...
webcoder.co.uk's user avatar
3 votes
0 answers
229 views

Using DMARC techniques to block Backscatter

We run a small email (receiving not bulk sending) service (~ 300 domains or so) for our customers and are just starting to introduce DMARC. One of the reasons for doing so is to help stop backscatter ...
Rob Lambden's user avatar
2 votes
1 answer
2k views

Why is OpenDMARC using my (the recipients) configuration for incoming mail?

Recently I've had some incoming emails be rejected by my mail server for failing DMARC checks. Upon closer inspection I noticed that the logs mentioned that the rejection was because OpenDMARC was ...
Coding Cat's user avatar
2 votes
1 answer
2k views

DMARC fails on forwarded mails without DKIM

I am running a mail server (postfix) on a VPS that is set up to forward all mail sent to an address in my private domain to a GMail address. SPF, SRS, DKIM, and DMARC are set up for my mail server and ...
user3298489's user avatar
1 vote
0 answers
335 views

DMARC reports no longer being received from google

We are seeing a large number of DMARC rejects from google from emails that have both a valid DKIM signature and a valid SPF sender. We have validated this by sending the same emails to other ISPs and ...
Kinexus's user avatar
  • 141
1 vote
1 answer
260 views

Apparent DMARC External Validation query failure

I've got multiple domains hosted on a single Linode instance. As a result of some routine anti-spam checking the wonderful mxtoolbox (no affiliation) reports this: DMARC External Validation External ...
J Evans's user avatar
  • 195
1 vote
2 answers
219 views

Does this report mean someone is attempting to send emails fraudulently or that I have things configured wrong?

Pretty new to spf/dkim and dmark. After setting this up just this morning I already got a report on a new website. Our service eamils our users via sendgrid and the rest of the emails are sent from ...
John's user avatar
  • 907
1 vote
1 answer
518 views

Email forwarding SPF and DKIM domains

In preparation for publishing a strict DMARC policy, I've: Published a reporting-only policy. Gathered nearly 2 months' worth of reports and uploaded them to dmarcian. Started analysing them and ...
mythofechelon's user avatar
1 vote
1 answer
809 views

Why is opendmarc SPF failing this arriving message?

Why is this incoming message failing? postfix/smtpd[4776]: connect from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73] postfix/smtpd[4776]: Anonymous TLS connection established ...
Andrew's user avatar
  • 145
1 vote
1 answer
740 views

Postfix send mail only to GMail, all other domains are deferred and not sended

My Postfix server is running on Debian Stretch. It is able to send emails to a GMail address without problems which are not considered as spam. At the DNS level I configured DKIM, SPF and DMARC and ...
Zetam's user avatar
  • 11
1 vote
1 answer
977 views

Gsuite DMARC SPF Setup Failure

I'm using Gsuite with our own domain name "audacy.space". I've setup DMARC, DKIM and SPF, and both DMARC Analyzer and Google's Mx Tool report no problems for the domain. However, our weekly DMARC ...
AudRE's user avatar
  • 11
1 vote
0 answers
2k views

What is wrong with this e-mail which is failing SPF(mailfrom) and DMARC?

This is a follow-up from "Why is my opendmarc failing pretty much everything that comes through?". I'm really struggling to understand what is going on. Outgoing mail is verified correctly by the ...
Morpheu5's user avatar
  • 279
1 vote
1 answer
308 views

Seemingly valid SRS-processed message is being rejected by gmail servers

I have a virtual private server with its own IP and have configured SPF, DKIM, DMARC, SRS (with postsrsd) and all that jazz. Let's call it domainut.com. Most things are working, mail is being ...
MariusSiuram's user avatar
1 vote
0 answers
2k views

SPF softfail on gmail

I'm trying to setup my own smtp server with postfix and opendkim. I have publsished spf/dmarc/dkim recors, set up ptr. But currently, all my mail with any text goes into gmail spam folder. I have ...
ThinCrustItalianPizza's user avatar
1 vote
1 answer
198 views

How to setup SPF and DMARC for satellite hosts?

If I send mail directly from relay host - everything works like a charm. All checks are passed. Delivered-To: [email protected] Received: by 10.100.182.171 with SMTP id t40csp2626933pjb; Thu, 26 ...
Falseclock's user avatar
1 vote
0 answers
992 views

mail ends in google spam folder while SPF pass, DKIM pass, DMARC pass

I am trying to send basic mail to a gmail user test and the mail ends up in the spam folder. I don't really understand why. I used to send through ubuntu sendmail, spent a lot of time setting up ...
user1998000's user avatar
1 vote
1 answer
2k views

DMARC and RFC2298 compliant MDNs with a null MailFrom... Can it work?

This is an issue we're seeing with Exchange Online but it would be an issue with most hosted email I suspect. When Office 365 / Exchange Online sends an automatic reply (Out of Office for example) it ...
omniomi's user avatar
  • 123
1 vote
1 answer
357 views

What does a failed SPF record tell me from a DMARC Aggregate report?

I have been trying to find a straightforward answer to this, but I have been having no luck. I also tried asking on the security focused Stackexchange site, but had no luck there is well. I am hoping ...
Dave's user avatar
  • 11
1 vote
1 answer
342 views

SPF and DMARC - how is the SPF policy used

My domain has a strict DMARC policy (p=reject) and a standard SPF policy with ~all catchall. My email provider is Google Workspace. I received an email spoofing my sender address. It came from 41.174....
chutz's user avatar
  • 8,080
1 vote
1 answer
4k views

message headers say dkim = fail, stats say = PASSED. why the conflict, and how to fix?

In some-not-all received emails -- notably ONLY those sent via 'bulk' services -- I get a DKIM fail: "signature verification failed". Here's one example: Received message headers DKIM-Filter: ...
Jason's user avatar
  • 11
0 votes
0 answers
21 views

Should smtp_helo_name always be the same as your MX record?

I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this: "v=spf1 mx -all" The MX records in the zone are: mx0.mydomain.org.uk. ...
TommyPeanuts's user avatar
0 votes
0 answers
11 views

openarc: can't parse Authentication-Results

I've just set up openarc on fedora38 with postfix-3.7.9. I believe it's working properly, but I have a few questions. I'm seeing messages like this periodically. I've found another similar report from ...
Alex Regan's user avatar
0 votes
0 answers
70 views

What are these DMARC failures about?

I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
Rob Brandt's user avatar
0 votes
0 answers
72 views

DMARC, SPF and DNS wildcards

My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname: example.com sales.example.com internal.example.com mail.example.com I initially ...
janeden's user avatar
  • 267
0 votes
0 answers
176 views

This relay isn't allowed to send mail "From" gmail.com

I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
user1409214's user avatar
0 votes
2 answers
735 views

DMARC without rua... proper format?

Yahoo and Google are now requiring DMARC according to Shopify. I have been setting them up for my clients, but I don't need the aggregate reporting. I only need it so that these companies can verify ...
Jefferis Peterson's user avatar
0 votes
0 answers
105 views

Incorrect dmarc record landing some mail in spam

I have just received notice from one of our partners that some of our emails sent via AWS SES are being flagged by their email provider as potential spoof DMARC. We used route 53 to add all our DNS ...
red house 87's user avatar
0 votes
0 answers
39 views

Postfix - Only allow relaying when sent from local user

At the moment, our Postfix + Dovecot mail system has two types of users: those with a full account and those with only a forwarder. Users with a full account are in the virtual_aliases table pointing ...
CompuChip's user avatar
  • 101
0 votes
0 answers
176 views

DMARC and Postfix delivery reports

I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests. The headers of regular messages (sent via my mailserver) look ...
janeden's user avatar
  • 267
0 votes
0 answers
42 views

Getting Spoofed - DMARC , DKIM and SPF are properly setup (AFIK)

I have been testing my DMARC policy for some weeks and I ran into this issue. Background: SPF - setup and working DKIM - set up and working (AFIK) DMARC - set up and working - looking for alignments ...
mat's user avatar
  • 1
0 votes
0 answers
82 views

Change mail from header in sendmail

We have two separate RTs (request trackers) configured on one server. They both are configured to send the emails through sendmail. We are trying to configure now SPF and DMARC records for these DNS ...
Julia Mala's user avatar
0 votes
2 answers
356 views

Changing SPF record from ~all to -all where employee inboxes are with Google and Amazon SES is used for website transactional emails

I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand at ~ is SOFTFAIL and - is ...
sdek's user avatar
  • 165
0 votes
1 answer
226 views

How to proper dns zone config for selfhosted email server

Looking to harden the sending authentication of my email server, I am looking for some usefull hints on the topic. As I have in total 4 Vps Servers where emails will be send from, registration ...
KaliMucho's user avatar
0 votes
0 answers
134 views

Send bulk emails with valid DMARC security

We are implementing a feedback feature in our web application. After completion of an event, we are sending emails requesting feedback and ratings to our visitors. If we do write the following DMARC ...
Akash Samal's user avatar
0 votes
0 answers
90 views

Correct SPF record

I have been asked to apply DMARC protection to a domain. Part of this requires me to add an DNS record to the domain management console, however I have come across a stumbling block. The DMARC checker ...
Max Johnson's user avatar
0 votes
0 answers
176 views

postfix to gmail silent delivery failure

With the impending turndown of free hosted Google workspace accounts, I'm trying to install my own mail server using postfix/dovecot/opendkim. Mostly, it's working and for many of the services I've ...
PaulProgrammer's user avatar
0 votes
0 answers
508 views

Softfail on forwarded emails sent through Yahoo mail - Is there a fix?

happy to be here. Excuse me for the wall of text but I am trying to help a friend who wants to keep on using his Yahoo mail for sending emails from his business email address. His mail server is on ...
Manou Allou's user avatar
0 votes
1 answer
566 views

Why am I failing SPF only in my Google DMARC report?

Curious as to why my Google DMARC is coming back with a fail under SPF. Here is the report: <?xml version="1.0" encoding="UTF-8" ?> <feedback> <report_metadata> ...
2kreate's user avatar
0 votes
1 answer
488 views

SPF record with DMARC policy is not picking up the policy

We are now going through security verification, and we are using SecurityScorecard for it. One of the issues that we are still trying to fight, is the SPF record. The details of the error are as ...
Alex A.'s user avatar
  • 101
0 votes
1 answer
5k views

550-5.7.26 Unauthenticated email from domain is not accepted due on ERP only

I have made updates to our mail server to use DMARC. So after This our ERP system cannot send emails to gmail.com or yahoo.com but Outlook sends emails with no problems. Below is the header for an ...
Ahmed Reda's user avatar
0 votes
0 answers
1k views

DMARC, DKIM, or SPF? Emails going into quarantine

I have never had to deal with DKIM, DMARC, or SPF records before; however, our SPF record is full (10, Cloudflare) and I have a vendor whose emails aren’t making it to our mailboxes. I made ...
Cody's user avatar
  • 1
0 votes
1 answer
142 views

I think I have a DMARC failure, posting to one list-server. The reports list my post under "forwarded," but the detail lines show mostly "reject"

I've recently implemented DMARC where I work. Most of the list-servers work just fine, either rewriting the from address or passing my posts unchanged, so they pass DKIM. One of them appears to be a ...
hbquikcomjamesl's user avatar
0 votes
0 answers
2k views

Allowing Messages from IP Address DMARC

I'm still learning infrastructure stuff and need to ask a question which relates to DMARC. A user in the organisation has an app which is sending marketing messages to staff within the business. The ...
RLBChrisBriant's user avatar
0 votes
1 answer
137 views

VERP: rewrite from header of NDR?

We provide cmail delivery for external clients from several different domains. We rewrite the envelope sender (AKA: "SMTP MAIL FROM","Return-Path" ) using a form of VERP. Thus we ...
Jasen's user avatar
  • 946
0 votes
1 answer
57 views

GSuite displaying "via" next to name after DNS change

After changing over to Cloudflare GSuite has been adding "via" next to the names of incoming emails. After a quick Google search I found this: https://support.google.com/mail/answer/1311182?hl=en ...
Tony's user avatar
  • 1
0 votes
2 answers
919 views

Emails fail DMARC check despite having the sender IP in SPF

I have the following DMARC record set up: v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=none; fo=0:1:d:s I have the following SPF record set up: v=spf1 mx -all the ...
SaidAlbahri's user avatar
0 votes
0 answers
325 views

Mail issues only with Google App domains

I have a local mail server set up. It is connected via a dedicated IP (with an appropriate PTR record). I have DKIM, DMARC, and SPF set up. My domain has been added to Google's Postmaster Tools and ...
Joseph's user avatar
  • 153
0 votes
0 answers
1k views

DMARC permission to receive all reports on an external subdomain

I'd like to set up a DMARC record so that I can receive reports on an external subdomain. To be specific, I have a domain called send.com which sends emails and is monitored by DMARC. The aggregate ...
lgc_ustc's user avatar
0 votes
1 answer
3k views

Mail tester have 10 score, but email flagged as spam, by gmail

I have setup an smtp postfix server, with opendkim, on a domain code-gmail.com I have put spf policy, dkim, dmarc in my domain TXT recors. I did setup reverse dns, to point correctly do my domain, i ...
ThinCrustItalianPizza's user avatar
0 votes
1 answer
296 views

No protection for gmail spoofing?

Somebody can verify that gmail's SPF and DMARC records are: "v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all" "v=DMARC1; p=none; ...
gip's user avatar
  • 1