Skip to main content

Questions tagged [dmarc]

Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.

Filter by
Sorted by
Tagged with
1 vote
1 answer
1k views

Should I use DKIM, SPF and DMARC on domains used only for alias/redirection inbound email?

I have a bunch of domains, let's say: example.org example.com example.net example.be My mail server is running on mail.example.net. I only use the domain example.com to send and receive emails. All ...
wget's user avatar
  • 307
0 votes
0 answers
484 views

Hotmail DMARC reports show errors in DKIM verification, but not always

I set DKIM, SPF and DMARC on my domain. I placed on the DMARC register I want to receive reports to see if my implementation of rules it's ok or not, to set a strict rule to say if something it's ...
NetVicious's user avatar
2 votes
2 answers
1k views

Not receiving DMARC reports from major ESPs (gmail, yahoo, hotmail, etc)

I have recently set up a DMARC record for my domain. DMARC record looks like this, only domain name has been redacted: v=DMARC1; p=none; fo=1; rua=mailto:[email protected]!10m; ruf=mailto:...
Bintz's user avatar
  • 415
5 votes
1 answer
14k views

Improve Spam Confidence Level (SCL) for outgoing emails

I have a postfix SMTP server on Ubuntu. I have valid SPF and DKIM records, as verified by the email header my customer received. Authentication-Results: spf=pass (sender IP is XXX.XXX.XXX.XXX) ...
Raptor's user avatar
  • 1,041
6 votes
1 answer
1k views

DMARC: must rua email match domain?

I'm trying to implement DMARC for a domain and the address specified in the rua tag is my own personal email for convenience. I have been receiving aggregate reports only from a handful of ESPs, and ...
Bintz's user avatar
  • 415
1 vote
1 answer
485 views

Interpreting DMARC report

I have DKIM and SPF configured for my SMTP server, and recently set the policies to strict/reject. I received the report shown below from Google. Ths source IP is not my SMTP server. I read this as ...
Ex Umbris's user avatar
  • 864
2 votes
1 answer
3k views

DMARC configured to reject - I don't understand this report from Google

I have DKIM and SPF configured, and set in my DMARC record for strict enforcement and policy=reject: v=DMARC1; p=reject; adkim=s; aspf=s; fo=1; ri=3600; ... Today I received the following DMARC ...
Ex Umbris's user avatar
  • 864
0 votes
2 answers
43 views

Can DMARC apply to email already received?

We have a domain that has been "ruined" by spammers, using it's reputation for sending spam mails. We're moving to a different domain and would like the previous domain to become a "death trap"; ...
Martijn's user avatar
  • 356
0 votes
2 answers
3k views

Postfix policyd-spf reject None

How to configure policyd-spf in Postfix to reject domains with no SPF record? The documentation doesn't specify this condition and its needed to reject spoofed/unauthorized emails on an outbound ...
Pavin Joseph's user avatar
15 votes
3 answers
7k views

DMARC Alignment: Enforce messages pass BOTH SPF and DKIM

Is there a way to enforce DMARC to fail/reject mail that doesn't pass BOTH DKIM and SPF? We have been narrowing the number that are failing, but there are some domains in our aggregate (rua) report ...
Noah Hall-Potvin's user avatar
1 vote
1 answer
407 views

Can I use DMARC if SPF fails

I'm trying to enable DMARC. The problem that I see is that since I use 3rd party companies for marketing emails, DMARC SPF fails for those emails because they put email from their own domain into ...
Roman_T's user avatar
  • 341
20 votes
2 answers
17k views

What does rua and ruf stand for in the DMARC spec?

I've searched all over Google and unable to find why these reports are named "rua" and "ruf". They don't seem random, but also don't appear to easily translates in an obvious way to their definitions....
cavalcade's user avatar
  • 351
0 votes
2 answers
776 views

SPF, DKIM and DMARC header order

I just recently set up DMARC on my mail server and in received mails, the order of SPF, DKIM and DMARC headers are strange. Moreover, if DKIM signature missign, there is no DMARC related "...
Halacs's user avatar
  • 175
3 votes
1 answer
3k views

Interpreting a DMARC report that seems to have conflicting data

I recently implemented DMARC in monitoring mode, in order to begin preparing all the domains I manage. Here is the aggregate report for yesterday. I don't understand why DKIM would evaluate to false ...
samh's user avatar
  • 213
1 vote
1 answer
4k views

message headers say dkim = fail, stats say = PASSED. why the conflict, and how to fix?

In some-not-all received emails -- notably ONLY those sent via 'bulk' services -- I get a DKIM fail: "signature verification failed". Here's one example: Received message headers DKIM-Filter: ...
Jason's user avatar
  • 11
12 votes
1 answer
7k views

Why don't my domain's messages to a google group get their headers rewritten so DMARC can pass?

Whenever my domain sends a message to a google group on another domain the DMARC alignment fails. This is true for all my approved senders, even using Gmail in my domain. It seems to be because the ...
lordbyron's user avatar
  • 371
2 votes
3 answers
6k views

DMARC for AmazonSES fails. Why?

I've setup SPF and DKIM for my custom domain to send emails. While SPF and DKIM tests pass, the DMARC test fails for emails that have reply-to address different from "From" field. My SPF record: v=...
user1537407's user avatar
0 votes
1 answer
303 views

SPF redirect to subdomain TXT does not work for Google?

Funny situation, and I'm not sure if this is my fault or Google's. I have a domain, example.com, which has 2 subdomains: main.example.com, and spf.example.com. For main.example.com domain, my TXT ...
StanTastic's user avatar
11 votes
2 answers
22k views

DMARC failed, but SPF pass

If i sent a mail from my website (on a private server) to [email protected], i have this report : <record> <row> <source_ip>x.x.x.x</source_ip> <count>1&...
griotteau's user avatar
  • 271
8 votes
2 answers
9k views

How many emails can I put in one dmarc record's rua attribute?

How many emails can I put in one dmarc record? Is the following invalid because there are three mailto attributes? All the examples I see online have two addresses at most. "v=DMARC1; p=reject; rua=...
ThisClark's user avatar
  • 298
0 votes
1 answer
115 views

Does DMARC send alerts even upon successful delivery?

I keep getting DMARC reports that show that my IP passed all SPF and DKIM checks. Is this just an email to say that everything's fine or is it an indication of a problem? If the latter, there's ...
mwoods's user avatar
  • 3
1 vote
1 answer
7k views

Email abuse reports for outbound.protection.outlook.com

I've recently set up a DMARC record for my domain and now I'm receiving email abuse reports from hotmail.com that state: This is an email abuse report for an email message received from IP 104.47....
CamaroSS's user avatar
  • 243
13 votes
3 answers
13k views

Why does DMARC operate on the From-address, and not the envelope sender (Return-Path)?

Several emails sent from my webserver to a Gmail address, where the From: address is [email protected], have been marked as spam by Gmail. The From: field is populated from form data, and ...
EelkeSpaak's user avatar
11 votes
4 answers
18k views

SPF + DKIM + DMARC with Gmail account and external mail server

I,m using gmail with own domain (Google Apps) for my project. Now I want to add external mail server for sending notifications for users. Gmail doesn't give private keys for DKIM and if keys will be ...
cptBuggy's user avatar
  • 111
7 votes
2 answers
14k views

Receiving DMARC reports for emails I do not send

I am hosting the email for my domain (lets call it example.com) on google apps (free legacy edition). I recently enabled the DMARC reports so I now get a daily report for the emails sent from my ...
DorAga's user avatar
  • 161
2 votes
3 answers
3k views

DKIM: Can I simply change the RSA key used in DKIM without changing the DKIM selector?

Can I simply change the RSA key used in DKIM (DNS TXT Record) without changing the DKIM selector or will this result in any issues? If not, what's them the purpose of the DKIM selector? BTW: 20120113 ...
Florian Schneider's user avatar
16 votes
1 answer
6k views

DKIM: Can I use a RSA key larger than 2048bit, i.e. 4096?

I wonder if I can simply use a 4096bit RSA key for DKIM (in DNS TXT Record). Are there any downsides (neglecting computational effort)? Maybe there are mail servers which can't handle a key this large?...
Florian Schneider's user avatar
4 votes
1 answer
2k views

correct order for Postfix milters

I use the following milters with Postfix: ClamAV, OpenDKIM, OpenDMARC, Rspamd This is also the order they are being called via smtpd_milters. What would be the best order for them regarding ...
basbebe's user avatar
  • 313
0 votes
1 answer
2k views

DKIM, SPF, DMARC, SPF OK mails are flagged as SPAM

I have a dedicated server running CentOS7 with Postfix, the problem is that all the sent mails are flagged as SPAM by hotmail and gmail despite DKIM, SPF, DomainKeys, DMARC records and keys wich are ...
pixel draw solutions's user avatar
2 votes
2 answers
7k views

Missing or Invalid DMARC Record in server mail

my main problem is that I am not receiving mails to my domain after adding an MX Server to my domain for mailing in Webmin, and After testing a server by mxtoolbox.com tool, I found that there is ...
Spartan's user avatar
  • 121
0 votes
1 answer
951 views

SPF, DKIM, DMARC, DomainKeys OK, emails flagged as SPAM [closed]

I have a new dedicated server running CentOS7 with Plesk 12.5 with postfix, and i have succesfully set SPF, DKIM, DMARC and DomainKeys as it shows this test from port25.com: ==========================...
pdsolutions1's user avatar
1 vote
1 answer
886 views

Two different dkim result records in DMARC report from google

I get DMARC report from google, and the dkim check appears twice, one with pass, the other with fail status. This same report includes another record from the same IP with all pass status. Any idea ...
yhager's user avatar
  • 133
0 votes
3 answers
1k views

Improving email deliverability: Implementing DKIM and DMARC

I have a messaging system on my app where users can send messages directly to other users straight from my domain (not going through Mailchimp's Mandrill templates or Google Apps). I also have cron ...
Gabriel Ferraz's user avatar
4 votes
2 answers
3k views

How can you tell the difference between rua and ruf DMARC reports?

I have a client that's receiving DMARC reports from various providers however the reports indicate that all checks 'PASS' and all DMARC/DKIM/SPF checking tools indicate the DMARC records are fine. ...
user315851's user avatar
3 votes
2 answers
6k views

SPF and DKIM help: Do the FAIL reports from DMARC indicate an issue?

I am having trouble determining if my SPF and DKIM are configured properly. Here are key details: My domain is mysteryscience.com We send mail from google apps, from SendGrid, and from Intercom. All ...
Keith Schacht's user avatar
15 votes
2 answers
19k views

What does dis=NONE mean in an email's Authentication-Results header?

The following is from an email I received recently: Authentication-Results: mx.google.com; spf=neutral; dkim=pass [email protected]; dmarc=pass (p=REJECT dis=NONE) header.from=...
Alex Henrie's user avatar
2 votes
1 answer
1k views

Why does Yahoo DMARC Report show DKIM is Valid for emails coming from Google's Servers?

My domain name for the below issue is developcents.com, and I run my own Postfix implementation on CentOS 7. I've had ongoing issues for several months where emails I send from my mail server (...
David W's user avatar
  • 3,469
-2 votes
1 answer
669 views

subdomains and SPF failures

I have recently moved some of my e-mail services to sub-domains (sub1.company.com, sub2.company.com) because the SPF of the main domain - company.com got full (lot's of includes and there is more ...
Peter's user avatar
  • 1
1 vote
2 answers
302 views

Is DMARC helpful to me if I don't need reporting?

I have SPF and DKIM setup and working for the email domain I administer. The next recommended step is to setup DMARC since SPF and DKIM are both in place. What are the benefits of using DMARC if both ...
poke's user avatar
  • 1,079
4 votes
2 answers
3k views

Only enable SRS when forwarding to enable DMARC

I am setting up a mail server on my VPS and in order to prevent spam and being marked as spam I have enabled SPF, DKIM and DMARC. However, I do not want to host my own mailbox, so I forward the ...
Matthijs Steen's user avatar
2 votes
1 answer
2k views

Mail marked as spam (Gmail/Hotmail): IP not on blacklist, DKIM Valid, SPF Valid and DMARC valid

I'm trying to send mail from my own domain (which is 15 days old now) but I'm having some troubles. Check the following mail body: Delivered-To: [email protected] Received: by 10.25.89.200 with SMTP ...
user1226868's user avatar
0 votes
1 answer
73 views

DNSsec error in Bind9.10 following update of freebsd10.1

My DNSsec began to fail following a ports update. I have reinstalled Bind on both master and slave but the error still persist. 35 ;; WE HAVE MATERIAL, WE NOW DO VALIDATION 36 ;; VERIFYING A RRset ...
nix's user avatar
  • 145
0 votes
1 answer
308 views

Partial DKIM pitfalls?

We've recently implemented DKIM for automated emails sent out from our website (SMTP on static IP). However we cannot implement DKIM for our hosted exchange email accounts (managed hosting sends from ...
AbsolutelyN's user avatar
46 votes
5 answers
79k views

Find DKIM and DMARC Records?

Is there a method to find a domain's DKIM and DMARC records using dig or nslookup? I have attempted to do the following: dig somedomain.org any returns many records, but not the known DKIM and ...
Evil Genius's user avatar
1 vote
1 answer
1k views

SPF failure with gmail

I'm trying to properly set up DKIM, SPF, and DMARC so emails sent from my server are less likely to be seen as spam. I got my first DMARC report and I'm little confused by this part: <record>...
Tim Tisdall's user avatar
4 votes
1 answer
6k views

DMARC is blocking email that seems like it should be allowed

This is the DMARC record we have set v=DMARC1; p=reject; rua=mailto:[redacted]@coinbase.com; adkim=r; aspf=s So we are rejecting any not match with SPF strictly, and DKIM is relaxed. Here is the ...
Brian Armstrong's user avatar
4 votes
1 answer
3k views

DMARC 'sampled out' policy override effect in GMail server

Anyone know what actually a sampled out override reason mean in DMARC aggregated daily reports? I only get those from GMail and recently I've got some complains of undelivered messages from recipients ...
squirrely's user avatar
  • 219
4 votes
1 answer
2k views

How to prevent emails from my domain through mailing lists to be rejected due to DMARC

I operate my own mail server at speedofsoundgaming.com and mwtd.net. I recently added a DMARC record to my domain to help prevent spam, and once seeing that things seemed to be working, upped the ...
Michael Taboada's user avatar
10 votes
3 answers
22k views

Why is my email failing Gmail's DKIM test?

I have a message that was rejected by Gmail, I don't know why. It passes SPF. We aren't using DKIM. Do I need to set up DKIM? I am in control of "example.com". Our mail server is "server.example.com" ...
nielsbot's user avatar
  • 223
6 votes
2 answers
2k views

Designating A DKIM Signer Other Than The "From" Domain

A few months ago, I implemented SPF/DKIM/DMARC for my three-person company. After a trial period, I switched our DMARC to "p=reject", so that emails are rejected if they fail SPF/DKIM. Generally, it ...
joseph_morris's user avatar