Questions tagged [dmarc]
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.
253
questions
1
vote
1
answer
1k
views
Should I use DKIM, SPF and DMARC on domains used only for alias/redirection inbound email?
I have a bunch of domains, let's say:
example.org
example.com
example.net
example.be
My mail server is running on mail.example.net. I only use the domain example.com to send and receive emails. All ...
0
votes
0
answers
484
views
Hotmail DMARC reports show errors in DKIM verification, but not always
I set DKIM, SPF and DMARC on my domain. I placed on the DMARC register I want to receive reports to see if my implementation of rules it's ok or not, to set a strict rule to say if something it's ...
2
votes
2
answers
1k
views
Not receiving DMARC reports from major ESPs (gmail, yahoo, hotmail, etc)
I have recently set up a DMARC record for my domain. DMARC record looks like this, only domain name has been redacted:
v=DMARC1; p=none; fo=1; rua=mailto:[email protected]!10m; ruf=mailto:...
5
votes
1
answer
14k
views
Improve Spam Confidence Level (SCL) for outgoing emails
I have a postfix SMTP server on Ubuntu. I have valid SPF and DKIM records, as verified by the email header my customer received.
Authentication-Results: spf=pass (sender IP is XXX.XXX.XXX.XXX)
...
6
votes
1
answer
1k
views
DMARC: must rua email match domain?
I'm trying to implement DMARC for a domain and the address specified in the rua tag is my own personal email for convenience. I have been receiving aggregate reports only from a handful of ESPs, and ...
1
vote
1
answer
485
views
Interpreting DMARC report
I have DKIM and SPF configured for my SMTP server, and recently set
the policies to strict/reject. I received the report shown below from
Google. Ths source IP is not my SMTP server.
I read this as ...
2
votes
1
answer
3k
views
DMARC configured to reject - I don't understand this report from Google
I have DKIM and SPF configured, and set in my DMARC record for strict enforcement and policy=reject:
v=DMARC1; p=reject; adkim=s; aspf=s; fo=1; ri=3600; ...
Today I received the following DMARC ...
0
votes
2
answers
43
views
Can DMARC apply to email already received?
We have a domain that has been "ruined" by spammers, using it's reputation for sending spam mails.
We're moving to a different domain and would like the previous domain to become a "death trap"; ...
0
votes
2
answers
3k
views
Postfix policyd-spf reject None
How to configure policyd-spf in Postfix to reject domains with no SPF record?
The documentation doesn't specify this condition and its needed to reject spoofed/unauthorized emails on an outbound ...
15
votes
3
answers
7k
views
DMARC Alignment: Enforce messages pass BOTH SPF and DKIM
Is there a way to enforce DMARC to fail/reject mail that doesn't pass BOTH DKIM and SPF?
We have been narrowing the number that are failing, but there are some domains in our aggregate (rua) report ...
1
vote
1
answer
407
views
Can I use DMARC if SPF fails
I'm trying to enable DMARC.
The problem that I see is that since I use 3rd party companies for marketing emails, DMARC SPF fails for those emails because they put email from their own domain into ...
20
votes
2
answers
17k
views
What does rua and ruf stand for in the DMARC spec?
I've searched all over Google and unable to find why these reports are named "rua" and "ruf".
They don't seem random, but also don't appear to easily translates in an obvious way to their definitions....
0
votes
2
answers
776
views
SPF, DKIM and DMARC header order
I just recently set up DMARC on my mail server and in received mails, the order of SPF, DKIM and DMARC headers are strange. Moreover, if DKIM signature missign, there is no DMARC related "...
3
votes
1
answer
3k
views
Interpreting a DMARC report that seems to have conflicting data
I recently implemented DMARC in monitoring mode, in order to begin preparing all the domains I manage. Here is the aggregate report for yesterday. I don't understand why DKIM would evaluate to false ...
1
vote
1
answer
4k
views
message headers say dkim = fail, stats say = PASSED. why the conflict, and how to fix?
In some-not-all received emails -- notably ONLY those sent via 'bulk' services -- I get a DKIM fail: "signature verification failed". Here's one example:
Received message headers
DKIM-Filter: ...
12
votes
1
answer
7k
views
Why don't my domain's messages to a google group get their headers rewritten so DMARC can pass?
Whenever my domain sends a message to a google group on another domain the DMARC alignment fails. This is true for all my approved senders, even using Gmail in my domain. It seems to be because the ...
2
votes
3
answers
6k
views
DMARC for AmazonSES fails. Why?
I've setup SPF and DKIM for my custom domain to send emails.
While SPF and DKIM tests pass, the DMARC test fails for emails that have reply-to address different from "From" field.
My SPF record:
v=...
0
votes
1
answer
303
views
SPF redirect to subdomain TXT does not work for Google?
Funny situation, and I'm not sure if this is my fault or Google's.
I have a domain, example.com, which has 2 subdomains: main.example.com, and spf.example.com. For main.example.com domain, my TXT ...
11
votes
2
answers
22k
views
DMARC failed, but SPF pass
If i sent a mail from my website (on a private server) to [email protected], i have this report :
<record>
<row>
<source_ip>x.x.x.x</source_ip>
<count>1&...
8
votes
2
answers
9k
views
How many emails can I put in one dmarc record's rua attribute?
How many emails can I put in one dmarc record? Is the following invalid because there are three mailto attributes? All the examples I see online have two addresses at most.
"v=DMARC1; p=reject; rua=...
0
votes
1
answer
115
views
Does DMARC send alerts even upon successful delivery?
I keep getting DMARC reports that show that my IP passed all SPF and DKIM checks. Is this just an email to say that everything's fine or is it an indication of a problem? If the latter, there's ...
1
vote
1
answer
7k
views
Email abuse reports for outbound.protection.outlook.com
I've recently set up a DMARC record for my domain and now I'm receiving email abuse reports from hotmail.com that state:
This is an email abuse report for an email message received from IP 104.47....
13
votes
3
answers
13k
views
Why does DMARC operate on the From-address, and not the envelope sender (Return-Path)?
Several emails sent from my webserver to a Gmail address, where the From: address is [email protected], have been marked as spam by Gmail. The From: field is populated from form data, and ...
11
votes
4
answers
18k
views
SPF + DKIM + DMARC with Gmail account and external mail server
I,m using gmail with own domain (Google Apps) for my project. Now I want to add external mail server for sending notifications for users. Gmail doesn't give private keys for DKIM and if keys will be ...
7
votes
2
answers
14k
views
Receiving DMARC reports for emails I do not send
I am hosting the email for my domain (lets call it example.com) on google apps (free legacy edition). I recently enabled the DMARC reports so I now get a daily report for the emails sent from my ...
2
votes
3
answers
3k
views
DKIM: Can I simply change the RSA key used in DKIM without changing the DKIM selector?
Can I simply change the RSA key used in DKIM (DNS TXT Record) without changing the DKIM selector or will this result in any issues?
If not, what's them the purpose of the DKIM selector?
BTW: 20120113 ...
16
votes
1
answer
6k
views
DKIM: Can I use a RSA key larger than 2048bit, i.e. 4096?
I wonder if I can simply use a 4096bit RSA key for DKIM (in DNS TXT Record).
Are there any downsides (neglecting computational effort)?
Maybe there are mail servers which can't handle a key this large?...
4
votes
1
answer
2k
views
correct order for Postfix milters
I use the following milters with Postfix:
ClamAV, OpenDKIM, OpenDMARC, Rspamd
This is also the order they are being called via smtpd_milters.
What would be the best order for them regarding ...
0
votes
1
answer
2k
views
DKIM, SPF, DMARC, SPF OK mails are flagged as SPAM
I have a dedicated server running CentOS7 with Postfix, the problem is that all the sent mails are flagged as SPAM by hotmail and gmail despite DKIM, SPF, DomainKeys, DMARC records and keys wich are ...
2
votes
2
answers
7k
views
Missing or Invalid DMARC Record in server mail
my main problem is that I am not receiving mails to my domain after adding an MX Server to my domain for mailing in Webmin, and
After testing a server by mxtoolbox.com tool, I found that there is ...
0
votes
1
answer
951
views
SPF, DKIM, DMARC, DomainKeys OK, emails flagged as SPAM [closed]
I have a new dedicated server running CentOS7 with Plesk 12.5 with postfix, and i have succesfully set SPF, DKIM, DMARC and DomainKeys as it shows this test from port25.com:
==========================...
1
vote
1
answer
886
views
Two different dkim result records in DMARC report from google
I get DMARC report from google, and the dkim check appears twice, one with pass, the other with fail status. This same report includes another record from the same IP with all pass status. Any idea ...
0
votes
3
answers
1k
views
Improving email deliverability: Implementing DKIM and DMARC
I have a messaging system on my app where users can send messages directly to other users straight from my domain (not going through Mailchimp's Mandrill templates or Google Apps). I also have cron ...
4
votes
2
answers
3k
views
How can you tell the difference between rua and ruf DMARC reports?
I have a client that's receiving DMARC reports from various providers however the reports indicate that all checks 'PASS' and all DMARC/DKIM/SPF checking tools indicate the DMARC records are fine. ...
3
votes
2
answers
6k
views
SPF and DKIM help: Do the FAIL reports from DMARC indicate an issue?
I am having trouble determining if my SPF and DKIM are configured properly. Here are key details:
My domain is mysteryscience.com
We send mail from google apps, from SendGrid, and from Intercom. All ...
15
votes
2
answers
19k
views
What does dis=NONE mean in an email's Authentication-Results header?
The following is from an email I received recently:
Authentication-Results: mx.google.com;
spf=neutral;
dkim=pass [email protected];
dmarc=pass (p=REJECT dis=NONE) header.from=...
2
votes
1
answer
1k
views
Why does Yahoo DMARC Report show DKIM is Valid for emails coming from Google's Servers?
My domain name for the below issue is developcents.com, and I run my own Postfix implementation on CentOS 7.
I've had ongoing issues for several months where emails I send from my mail server (...
-2
votes
1
answer
669
views
subdomains and SPF failures
I have recently moved some of my e-mail services to sub-domains (sub1.company.com, sub2.company.com) because the SPF of the main domain - company.com got full (lot's of includes and there is more ...
1
vote
2
answers
302
views
Is DMARC helpful to me if I don't need reporting?
I have SPF and DKIM setup and working for the email domain I administer. The next recommended step is to setup DMARC since SPF and DKIM are both in place.
What are the benefits of using DMARC if both ...
4
votes
2
answers
3k
views
Only enable SRS when forwarding to enable DMARC
I am setting up a mail server on my VPS and in order to prevent spam and being marked as spam I have enabled SPF, DKIM and DMARC. However, I do not want to host my own mailbox, so I forward the ...
2
votes
1
answer
2k
views
Mail marked as spam (Gmail/Hotmail): IP not on blacklist, DKIM Valid, SPF Valid and DMARC valid
I'm trying to send mail from my own domain (which is 15 days old now) but I'm having some troubles. Check the following mail body:
Delivered-To: [email protected]
Received: by 10.25.89.200 with SMTP ...
0
votes
1
answer
73
views
DNSsec error in Bind9.10 following update of freebsd10.1
My DNSsec began to fail following a ports update. I have reinstalled Bind on both master and slave but the error still persist.
35 ;; WE HAVE MATERIAL, WE NOW DO VALIDATION
36 ;; VERIFYING A RRset ...
0
votes
1
answer
308
views
Partial DKIM pitfalls?
We've recently implemented DKIM for automated emails sent out from our website (SMTP on static IP). However we cannot implement DKIM for our hosted exchange email accounts (managed hosting sends from ...
46
votes
5
answers
79k
views
Find DKIM and DMARC Records?
Is there a method to find a domain's DKIM and DMARC records using dig or nslookup?
I have attempted to do the following:
dig somedomain.org any
returns many records, but not the known DKIM and ...
1
vote
1
answer
1k
views
SPF failure with gmail
I'm trying to properly set up DKIM, SPF, and DMARC so emails sent from my server are less likely to be seen as spam. I got my first DMARC report and I'm little confused by this part:
<record>...
4
votes
1
answer
6k
views
DMARC is blocking email that seems like it should be allowed
This is the DMARC record we have set
v=DMARC1; p=reject; rua=mailto:[redacted]@coinbase.com; adkim=r; aspf=s
So we are rejecting any not match with SPF strictly, and DKIM is relaxed.
Here is the ...
4
votes
1
answer
3k
views
DMARC 'sampled out' policy override effect in GMail server
Anyone know what actually a sampled out override reason mean in DMARC aggregated daily reports? I only get those from GMail and recently I've got some complains of undelivered messages from recipients ...
4
votes
1
answer
2k
views
How to prevent emails from my domain through mailing lists to be rejected due to DMARC
I operate my own mail server at speedofsoundgaming.com and mwtd.net. I recently added a DMARC record to my domain to help prevent spam, and once seeing that things seemed to be working, upped the ...
10
votes
3
answers
22k
views
Why is my email failing Gmail's DKIM test?
I have a message that was rejected by Gmail, I don't know why. It passes SPF. We aren't using DKIM. Do I need to set up DKIM?
I am in control of "example.com". Our mail server is "server.example.com" ...
6
votes
2
answers
2k
views
Designating A DKIM Signer Other Than The "From" Domain
A few months ago, I implemented SPF/DKIM/DMARC for my three-person company. After a trial period, I switched our DMARC to "p=reject", so that emails are rejected if they fail SPF/DKIM. Generally, it ...