Questions tagged [dmarc]
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.
24
questions
5
votes
1
answer
2k
views
NOT receiving DMARC reports from AOL / HOTMAIL / MSN / OUTLOOK / LIVE
My DMARC DNS record looks like this: (domain name is redacted)
_dmarc.domain.com TXT "v=DMARC1; p=none; sp=none; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf;
pct=100; ri=...
4
votes
1
answer
2k
views
How to prevent emails from my domain through mailing lists to be rejected due to DMARC
I operate my own mail server at speedofsoundgaming.com and mwtd.net. I recently added a DMARC record to my domain to help prevent spam, and once seeing that things seemed to be working, upped the ...
20
votes
2
answers
17k
views
What does rua and ruf stand for in the DMARC spec?
I've searched all over Google and unable to find why these reports are named "rua" and "ruf".
They don't seem random, but also don't appear to easily translates in an obvious way to their definitions....
16
votes
1
answer
6k
views
DKIM: Can I use a RSA key larger than 2048bit, i.e. 4096?
I wonder if I can simply use a 4096bit RSA key for DKIM (in DNS TXT Record).
Are there any downsides (neglecting computational effort)?
Maybe there are mail servers which can't handle a key this large?...
15
votes
3
answers
7k
views
DMARC Alignment: Enforce messages pass BOTH SPF and DKIM
Is there a way to enforce DMARC to fail/reject mail that doesn't pass BOTH DKIM and SPF?
We have been narrowing the number that are failing, but there are some domains in our aggregate (rua) report ...
12
votes
4
answers
8k
views
Why is my opendmarc failing pretty much everything that comes through?
I have this domain for which I set up SPF, DKIM, and DMARC stuff. Let's pretend the domain is example.com which has the following entries in its DNS zone:
example.com. 600 IN MX ...
11
votes
2
answers
22k
views
DMARC failed, but SPF pass
If i sent a mail from my website (on a private server) to [email protected], i have this report :
<record>
<row>
<source_ip>x.x.x.x</source_ip>
<count>1&...
8
votes
2
answers
3k
views
DMARC test failed but we didn't find any obvious reason why; DMARC not passing while SPF and DKIM do
About 7 days ago, I found out on https://www.mail-tester.com that sometimes (50% of my tries over a couple of days) my company email does not pass DMARC test. As it states it does not know why, I am ...
7
votes
2
answers
7k
views
DMARC fail, but DKIM and SPF are passing
I am using AWS SES (in sandbox mode) to send an email to a GMail address.
Unfortunately it gets flagged as spam.
Google is nice enough to tell me in the message details that it is a DMARC failure
I ...
5
votes
2
answers
17k
views
how to configuration dkim on exchange email server
Mails sent from our internal email server to public servers such as Gmail, Yahoo and all other external organizations are delivering to spam. We currently use exchange server, in order to tackle above ...
4
votes
2
answers
3k
views
Only enable SRS when forwarding to enable DMARC
I am setting up a mail server on my VPS and in order to prevent spam and being marked as spam I have enabled SPF, DKIM and DMARC. However, I do not want to host my own mailbox, so I forward the ...
2
votes
1
answer
2k
views
Mail marked as spam (Gmail/Hotmail): IP not on blacklist, DKIM Valid, SPF Valid and DMARC valid
I'm trying to send mail from my own domain (which is 15 days old now) but I'm having some troubles. Check the following mail body:
Delivered-To: [email protected]
Received: by 10.25.89.200 with SMTP ...
2
votes
1
answer
1k
views
OpenDMARC with multiple MX: correct setup for trust between servers
There are many tutorials on how to setup OpenDMARC on your favorite flavor of Linux, but they all focus on single server configurations. My goal was to keep backup secondary MX servers, but enforce ...
2
votes
1
answer
2k
views
Why is OpenDMARC using my (the recipients) configuration for incoming mail?
Recently I've had some incoming emails be rejected by my mail server for failing DMARC checks. Upon closer inspection I noticed that the logs mentioned that the rejection was because OpenDMARC was ...
2
votes
2
answers
360
views
SPF and DMARC - is spf policy used?
I understand how SPF is involved with DMARC alignment, but one thing I can't get clear: is the SPF policy (-all or ~all) used in DMARC? Or does DMARC merely use the IP ranges?
The issue is, that as ...
2
votes
2
answers
6k
views
How do I whitelist another sender (e.g. Sendgrid) for DMARC?
We host our own e-mail but use Sendgrid to send mail on behalf of a few internal PHP services that can't easily handle our mail configuration (e.g. they disallow self-signed certs by default, so ...
2
votes
1
answer
1k
views
Is SPF alignment important with DMARC?
When setting up a DMARC policy for an organization, is it important at all to have SPF alignment?
I've gathered that:
Most email service providers support DKIM for a custom domain.
Not all email ...
2
votes
1
answer
3k
views
DMARC configured to reject - I don't understand this report from Google
I have DKIM and SPF configured, and set in my DMARC record for strict enforcement and policy=reject:
v=DMARC1; p=reject; adkim=s; aspf=s; fo=1; ri=3600; ...
Today I received the following DMARC ...
1
vote
2
answers
343
views
Should we enhance DMARC to allow aligned DKIM enforcement?
Currently, DMARC only requires aligned DKIM or SPF.
However spoofing SPF is relatively simple for an experienced hacker:
You should only control a single IP address in the often large SPF range of e-...
1
vote
1
answer
2k
views
Does an SPF SoftFail trigger DMARC reject
I've googled around and even tried to find the answer in the RFC to this one.
For this question, let's assume DKIM will always fail and leave it out of the picture.
If the DMARC policy is p=reject ...
1
vote
0
answers
2k
views
What is wrong with this e-mail which is failing SPF(mailfrom) and DMARC?
This is a follow-up from "Why is my opendmarc failing pretty much everything that comes through?". I'm really struggling to understand what is going on.
Outgoing mail is verified correctly by the ...
1
vote
2
answers
5k
views
Configure postfix to DKIM-sign emails generated from the system
My web hosting server features a Postfix setup up and running. That postfix is also open with STARTTLS on port 587 for authorized users (only me, myself and I right now) to send emails to any domain ...
0
votes
1
answer
665
views
dmarc. Why do I receive failed SPF or DKIM authentication reports for forwarders?
I set _dmarc to see my email authentication reports (in case it fails).
like that
"v=DMARC1;p=quarantine;pct=100;rua=mailto:[email protected]"
And I receive these reports form Google.
a ...
0
votes
2
answers
39
views
how to add multiple DMARC entries?
I use several different services to send out emails from my domain. I already have a CNAME record for _dmarc.mydomain.com that's set to mydomain.com.dmarc.emldlv.net for one service, however, another ...