Questions tagged [dmarc]
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.
61 questions with no upvoted or accepted answers
3
votes
0
answers
694
views
Google G Suite DMARC + SPF + DKIM for user domain aliases fail Google Admin Toolbox CheckMX
I have set up the above in my Google's old G-Suite account for a User Domain Alias but am still getting two warning messages:
https://webcoder.co.uk
There were some non-critical problems detected with ...
3
votes
0
answers
229
views
Using DMARC techniques to block Backscatter
We run a small email (receiving not bulk sending) service (~ 300 domains or so) for our customers and are just starting to introduce DMARC. One of the reasons for doing so is to help stop backscatter ...
2
votes
1
answer
2k
views
Why is OpenDMARC using my (the recipients) configuration for incoming mail?
Recently I've had some incoming emails be rejected by my mail server for failing DMARC checks. Upon closer inspection I noticed that the logs mentioned that the rejection was because OpenDMARC was ...
2
votes
1
answer
2k
views
DMARC fails on forwarded mails without DKIM
I am running a mail server (postfix) on a VPS that is set up to forward all mail sent to an address in my private domain to a GMail address. SPF, SRS, DKIM, and DMARC are set up for my mail server and ...
1
vote
0
answers
335
views
DMARC reports no longer being received from google
We are seeing a large number of DMARC rejects from google from emails that have both a valid DKIM signature and a valid SPF sender. We have validated this by sending the same emails to other ISPs and ...
1
vote
1
answer
260
views
Apparent DMARC External Validation query failure
I've got multiple domains hosted on a single Linode instance. As a result of some routine anti-spam checking the wonderful mxtoolbox (no affiliation) reports this:
DMARC External Validation External ...
1
vote
2
answers
219
views
Does this report mean someone is attempting to send emails fraudulently or that I have things configured wrong?
Pretty new to spf/dkim and dmarc.
After setting this up just this morning I already got a report on a new website. Our service emails our users via sendgrid and the rest of the emails are sent from ...
1
vote
1
answer
518
views
Email forwarding SPF and DKIM domains
In preparation for publishing a strict DMARC policy, I've:
Published a reporting-only policy.
Gathered nearly 2 months' worth of reports and uploaded them to dmarcian.
Started analysing them and ...
1
vote
1
answer
809
views
Why is opendmarc SPF failing this arriving message?
Why is this incoming message failing?
postfix/smtpd[4776]: connect from mail-mw2nam10on2073.outbound.protection.outlook.com[40.107.94.73]
postfix/smtpd[4776]: Anonymous TLS connection established ...
1
vote
1
answer
740
views
Postfix sends mail only to GMail, all other domains are deferred and not sent
My Postfix server is running on Debian Stretch. It is able to send emails to a GMail address without problems which are not considered as spam. At the DNS level I configured DKIM, SPF and DMARC and ...
1
vote
1
answer
977
views
Gsuite DMARC SPF Setup Failure
I'm using Gsuite with our own domain name "audacy.space". I've setup DMARC, DKIM and SPF, and both DMARC Analyzer and Google's Mx Tool report no problems for the domain. However, our weekly DMARC ...
1
vote
0
answers
2k
views
What is wrong with this e-mail which is failing SPF(mailfrom) and DMARC?
This is a follow-up from "Why is my opendmarc failing pretty much everything that comes through?". I'm really struggling to understand what is going on.
Outgoing mail is verified correctly by the ...
1
vote
1
answer
308
views
Seemingly valid SRS-processed message is being rejected by gmail servers
I have a virtual private server with its own IP and have configured SPF, DKIM, DMARC, SRS (with postsrsd) and all that jazz. Let's call it domainut.com.
Most things are working, mail is being ...
1
vote
0
answers
2k
views
SPF softfail on gmail
I'm trying to set up my own smtp server with postfix and opendkim. I have published spf/dmarc/dkim records, set up ptr. But currently, all my mail with any text goes into gmail spam folder. I have ...
1
vote
1
answer
198
views
How to setup SPF and DMARC for satellite hosts?
If I send mail directly from relay host - everything works like a charm. All checks are passed.
Delivered-To: [email protected]
Received: by 10.100.182.171 with SMTP id t40csp2626933pjb;
Thu, 26 ...
1
vote
0
answers
992
views
mail ends in google spam folder while SPF pass, DKIM pass, DMARC pass
I am trying to send basic mail to a gmail user test and the mail ends up in the spam folder. I don't really understand why. I used to send through ubuntu sendmail, spent a lot of time setting up ...
1
vote
1
answer
2k
views
DMARC and RFC2298 compliant MDNs with a null MailFrom... Can it work?
This is an issue we're seeing with Exchange Online but it would be an issue with most hosted email I suspect. When Office 365 / Exchange Online sends an automatic reply (Out of Office for example) it ...
1
vote
1
answer
357
views
What does a failed SPF record tell me from a DMARC Aggregate report?
I have been trying to find a straightforward answer to this, but I have been having no luck. I also tried asking on the security focused Stackexchange site, but had no luck there as well. I am hoping ...
1
vote
1
answer
342
views
SPF and DMARC - how is the SPF policy used
My domain has a strict DMARC policy (p=reject) and a standard SPF policy with ~all catchall.
My email provider is Google Workspace.
I received an email spoofing my sender address. It came from 41.174....
1
vote
1
answer
4k
views
message headers say dkim = fail, stats say = PASSED. why the conflict, and how to fix?
In some-not-all received emails -- notably ONLY those sent via 'bulk' services -- I get a DKIM fail: "signature verification failed". Here's one example:
Received message headers
DKIM-Filter: ...
0
votes
0
answers
21
views
Should smtp_helo_name always be the same as your MX record?
I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this:
"v=spf1 mx -all"
The MX records in the zone are:
mx0.mydomain.org.uk. ...
0
votes
0
answers
11
views
openarc: can't parse Authentication-Results
I've just set up openarc on fedora38 with postfix-3.7.9. I believe it's working properly, but I have a few questions.
I'm seeing messages like this periodically. I've found another similar report from ...
0
votes
0
answers
70
views
What are these DMARC failures about?
I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
0
votes
0
answers
72
views
DMARC, SPF and DNS wildcards
My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname:
example.com
sales.example.com
internal.example.com
mail.example.com
I initially ...
0
votes
0
answers
176
views
This relay isn't allowed to send mail "From" gmail.com
I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
0
votes
2
answers
735
views
DMARC without rua... proper format?
Yahoo and Google are now requiring DMARC according to Shopify. I have been setting them up for my clients, but I don't need the aggregate reporting. I only need it so that these companies can verify ...
0
votes
0
answers
105
views
Incorrect dmarc record landing some mail in spam
I have just received notice from one of our partners that some of our emails sent via AWS SES are being flagged by their email provider as potential spoof DMARC.
We used route 53 to add all our DNS ...
0
votes
0
answers
39
views
Postfix - Only allow relaying when sent from local user
At the moment, our Postfix + Dovecot mail system has two types of users: those with a full account and those with only a forwarder.
Users with a full account are in the virtual_aliases table pointing ...
0
votes
0
answers
176
views
DMARC and Postfix delivery reports
I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look ...
0
votes
0
answers
42
views
Getting Spoofed - DMARC, DKIM and SPF are properly set up (AFAIK)
I have been testing my DMARC policy for some weeks and I ran into this issue. Background:
SPF - set up and working
DKIM - set up and working (AFAIK)
DMARC - set up and working - looking for alignments ...
0
votes
0
answers
82
views
Change mail from header in sendmail
We have two separate RTs (request trackers) configured on one server. They both are configured to send the emails through sendmail.
We are trying to configure now SPF and DMARC records for these DNS ...
0
votes
2
answers
356
views
Changing SPF record from ~all to -all where employee inboxes are with Google and Amazon SES is used for website transactional emails
I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand that ~ is SOFTFAIL and - is ...
0
votes
1
answer
226
views
How to proper dns zone config for selfhosted email server
Looking to harden the sending authentication of my email server, I am looking for some useful hints on the topic.
As I have in total 4 VPS servers where emails will be sent from, registration ...
0
votes
0
answers
134
views
Send bulk emails with valid DMARC security
We are implementing a feedback feature in our web application. After completion of an event, we are sending emails requesting feedback and ratings to our visitors.
If we do write the following DMARC ...
0
votes
0
answers
90
views
Correct SPF record
I have been asked to apply DMARC protection to a domain. Part of this requires me to add a DNS record to the domain management console, however I have come across a stumbling block. The DMARC checker ...
0
votes
0
answers
176
views
postfix to gmail silent delivery failure
With the impending turndown of free hosted Google workspace accounts, I'm trying to install my own mail server using postfix/dovecot/opendkim. Mostly, it's working and for many of the services I've ...
0
votes
0
answers
508
views
Softfail on forwarded emails sent through Yahoo mail - Is there a fix?
Happy to be here.
Excuse me for the wall of text but I am trying to help a friend who wants to keep on using his Yahoo mail for sending emails from his business email address.
His mail server is on ...
0
votes
1
answer
566
views
Why am I failing SPF only in my Google DMARC report?
Curious as to why my Google DMARC is coming back with a fail under SPF. Here is the report:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
...
0
votes
1
answer
488
views
SPF record with DMARC policy is not picking up the policy
We are now going through security verification, and we are using SecurityScorecard for it.
One of the issues that we are still trying to fight, is the SPF record.
The details of the error are as ...
0
votes
1
answer
5k
views
550-5.7.26 Unauthenticated email from domain is not accepted due on ERP only
I have made updates to our mail server to use DMARC. So after this, our ERP system cannot send emails to gmail.com or yahoo.com but Outlook sends emails with no problems.
Below is the header for an ...
0
votes
0
answers
1k
views
DMARC, DKIM, or SPF? Emails going into quarantine
I have never had to deal with DKIM, DMARC, or SPF records before; however, our SPF record is full (10, Cloudflare) and I have a vendor whose emails aren’t making it to our mailboxes.
I made ...
0
votes
1
answer
142
views
I think I have a DMARC failure, posting to one list-server. The reports list my post under "forwarded," but the detail lines show mostly "reject"
I've recently implemented DMARC where I work.
Most of the list-servers work just fine, either rewriting the from address or passing my posts unchanged, so they pass DKIM. One of them appears to be a ...
0
votes
0
answers
2k
views
Allowing Messages from IP Address DMARC
I'm still learning infrastructure stuff and need to ask a question which relates to DMARC. A user in the organisation has an app which is sending marketing messages to staff within the business. The ...
0
votes
1
answer
137
views
VERP: rewrite from header of NDR?
We provide cmail delivery for external clients from several different domains.
We rewrite the envelope sender (AKA: "SMTP MAIL FROM","Return-Path" ) using a form of VERP. Thus we ...
0
votes
1
answer
57
views
GSuite displaying "via" next to name after DNS change
After changing over to Cloudflare GSuite has been adding "via" next to the names of incoming emails. After a quick Google search I found this:
https://support.google.com/mail/answer/1311182?hl=en
...
0
votes
2
answers
919
views
Emails fail DMARC check despite having the sender IP in SPF
I have the following DMARC record set up:
v=DMARC1; p=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; sp=none; fo=0:1:d:s
I have the following SPF record set up:
v=spf1 mx -all
the ...
0
votes
0
answers
325
views
Mail issues only with Google App domains
I have a local mail server set up. It is connected via a dedicated IP (with an appropriate PTR record). I have DKIM, DMARC, and SPF set up.
My domain has been added to Google's Postmaster Tools and ...
0
votes
0
answers
1k
views
DMARC permission to receive all reports on an external subdomain
I'd like to set up a DMARC record so that I can receive reports on an external subdomain. To be specific, I have a domain called send.com which sends emails and is monitored by DMARC. The aggregate ...
0
votes
1
answer
3k
views
Mail tester have 10 score, but email flagged as spam, by gmail
I have set up an smtp postfix server, with opendkim, on a domain code-gmail.com
I have put spf policy, dkim, dmarc in my domain TXT records. I did set up reverse dns, to point correctly to my domain, I ...
0
votes
1
answer
296
views
No protection for gmail spoofing?
Somebody can verify that gmail's SPF and DMARC records are:
"v=spf1 include:_netblocks.google.com include:_netblocks2.google.com include:_netblocks3.google.com ~all"
"v=DMARC1; p=none; ...