Questions tagged [dmarc]
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.
253 questions
0 votes, 0 answers, 21 views
Should smtp_helo_name always be the same as your MX record?
I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this:
"v=spf1 mx -all"
The MX records in the zone are:
mx0.mydomain.org.uk. ...
0 votes, 0 answers, 11 views
openarc: can't parse Authentication-Results
I've just set up openarc on fedora38 with postfix-3.7.9. I believe it's working properly, but I have a few questions.
I'm seeing messages like this periodically. I've found another similar report from ...
0 votes, 1 answer, 5k views
550-5.7.26 Unauthenticated email from domain is not accepted due on ERP only
I have made updates to our mail server to use DMARC. So after this, our ERP system cannot send emails to gmail.com or yahoo.com but Outlook sends emails with no problems.
Below is the header for an ...
3 votes, 1 answer, 533 views
How to get SPF alignment to pass DMARC for a subdomain?
I have the following DNS configuration:
$ dig +noall +answer -t txt example.com
example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all"
$ dig +noall +...
0 votes, 1 answer, 38 views
DMARC Authentication in SendGrid is expecting a different value from the current one
I have one SendGrid account [email protected], I have been using it to send transactional emails from [email protected]. When I check the account [email protected], I realized that ...
0 votes, 2 answers, 39 views
how to add multiple DMARC entries?
I use several different services to send out emails from my domain. I already have a CNAME record for _dmarc.mydomain.com that's set to mydomain.com.dmarc.emldlv.net for one service, however, another ...
0 votes, 1 answer, 65 views
Trying to figure out a DMARC/DKIM situation
I recently helped a friend implement DMARC/DKIM/SPF and got a report that makes no sense to me.
Their domain is hosted on SquareSpace, they use Google Apps for email, and Mailchimp for mailing lists. ...
1 vote, 1 answer, 117 views
Understanding DMARC report - DKIM pass on SPF fail
I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>...
16 votes, 1 answer, 6k views
DKIM: Can I use a RSA key larger than 2048bit, i.e. 4096?
I wonder if I can simply use a 4096bit RSA key for DKIM (in DNS TXT Record).
Are there any downsides (neglecting computational effort)?
Maybe there are mail servers which can't handle a key this large?...
0 votes, 1 answer, 162 views
"Undelivered Mail Returned to Sender: DMARC check failed" from forwarded mails
I'm using Procmail to forward mails to another server.
I'm often getting an error message from the recipient server:
host smtp-in.orange.fr[80.12.26.32] said: 501 5.2.0
y8XgrepnBNXb2 Mail rejete. ...
1 vote, 2 answers, 5k views
Configure postfix to DKIM-sign emails generated from the system
My web hosting server features a Postfix setup up and running. That postfix is also open with STARTTLS on port 587 for authorized users (only me, myself and I right now) to send emails to any domain ...
0 votes, 0 answers, 70 views
What are these DMARC failures about?
I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
0 votes, 0 answers, 72 views
DMARC, SPF and DNS wildcards
My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname:
example.com
sales.example.com
internal.example.com
mail.example.com
I initially ...
0 votes, 0 answers, 176 views
This relay isn't allowed to send mail "From" gmail.com
I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
0 votes, 1 answer, 79 views
AWS-SES sending from one site, from is another site - will DMARC help or hurt
Alright, to keep this simple:
I have a project that is using AWS's SES to send transactional emails. The project is hosted on one site (let's call it example-site.com), but for reasons, the From: is ...
0 votes, 1 answer, 169 views
SPF failing even though source IP is in the SPF record
I've seen (and think I understand) when DMARC checks fail on SPF because, e.g. the email has been forwarded and such like. But I don't think this is the case here. All checks on sites like MXtoolbox ...
46 votes, 5 answers, 79k views
Find DKIM and DMARC Records?
Is there a method to find a domain's DKIM and DMARC records using dig or nslookup?
I have attempted to do the following:
dig somedomain.org any
returns many records, but not the known DKIM and ...
-1 votes, 1 answer, 88 views
Phishing email but with SPF, DKIM and DMARC in "PASS" status
I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...
1 vote, 2 answers, 3k views
How to set Exim envelope domain to From domain
I've set up DKIM on Exim with the domain set like:
DKIM_DOMAIN = ${sender_address_domain}
However, the domain is always set to the same domain (my primary domain), which causes DMARC validation to ...
13 votes, 3 answers, 13k views
Why does DMARC operate on the From-address, and not the envelope sender (Return-Path)?
Several emails sent from my webserver to a Gmail address, where the From: address is [email protected], have been marked as spam by Gmail. The From: field is populated from form data, and ...
5 votes, 2 answers, 2k views
Turn off DMARC report for pass
I would like to receive reports only for DMARC quarantined mail and failures, but I still receive mails for every successful e-mail that has been sent from my server.
Configuration in dns looks like ...
-1 votes, 2 answers, 116 views
O365/Exchange: Send From: external domain using connector and transport rule?
I have a successful and working 365 install (it's just family, but we're an Enterprise tenant because we have multiple domains.) Everything is working fine and I've recently been reviewing and ...
0 votes, 1 answer, 554 views
SPF spf.protection.outlook.com is invalid for messages within tenant
When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...
6 votes, 1 answer, 637 views
Is email deliverability impossible with a .name email address?
I have a dot name domain. .name is an odd TLD: they originally only offered third level domains, eg first.last.name, so that more people could get their own name. They also included the first@last....
1 vote, 1 answer, 1k views
Is it a good idea to add `calendar-server.bounces.google.com` to my SPF record?
I'm trying to maximize my company's email deliverability and DMARC reports tell me we are failing DMARC SPF alignment with calendar-server.bounces.google.com which I suspect is the email server ...
0 votes, 2 answers, 443 views
Why does my DMARC report from Google have "<dkim>fail</dkim>" when all auth_results have "pass"
We're using Microsoft 365 (outlook.office.com) for our company emails and have had DKIM set up for a while, but recently added a DMARC record. I now got a DMARC report from Google where every record ...
0 votes, 2 answers, 735 views
DMARC without rua... proper format?
Yahoo and Google are now requiring DMARC according to Shopify. I have been setting them up for my clients, but I don't need the aggregate reporting. I only need it so that these companies can verify ...
0 votes, 0 answers, 105 views
Incorrect dmarc record landing some mail in spam
I have just received notice from one of our partners that some of our emails sent via AWS SES are being flagged by their email provider as potential spoof DMARC.
We used route 53 to add all our DNS ...
0 votes, 0 answers, 39 views
Postfix - Only allow relaying when sent from local user
At the moment, our Postfix + Dovecot mail system has two types of users: those with a full account and those with only a forwarder.
Users with a full account are in the virtual_aliases table pointing ...
0 votes, 2 answers, 122 views
Should we add SPF records of popular email providers?
DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers.
DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
0 votes, 0 answers, 176 views
DMARC and Postfix delivery reports
I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look ...
0 votes, 2 answers, 253 views
Sendmail unable to email to specific domain
I have a server running Sendmail and is able to email to all domains except my company's email (company1.com). I have tested to sending to gmail and other email providers with no issues. Sendmail is ...
0 votes, 2 answers, 150 views
A Non-MX mail server + Google Workspace, is this viable?
I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
0 votes, 1 answer, 947 views
Should HELO, MAILFROM and From use the same domain?
I configured a mail server a couple of times before and I believe back then I thought
that the answer is "yes."
But I'm about to configure another one, and it seems that I was wrong. Let's ...
0 votes, 0 answers, 42 views
Getting Spoofed - DMARC , DKIM and SPF are properly setup (AFIK)
I have been testing my DMARC policy for some weeks and I ran into this issue. Background:
SPF - setup and working
DKIM - set up and working (AFIK)
DMARC - set up and working - looking for alignments ...
1 vote, 2 answers, 420 views
Email message headers pass SPF check after failing earlier SPF checks. Will this result in spam?
I have an issue where email is being marked as spam by Gmail/Google Apps systems.
When reading the mail headers, the most recent SPF check in the mail chain passes, but earlier checks fail. That is, ...
0 votes, 0 answers, 82 views
Change mail from header in sendmail
We have two separate RTs (request trackers) configured on one server. They both are configured to send the emails through sendmail.
We are trying to configure now SPF and DMARC records for these DNS ...
1 vote, 0 answers, 335 views
DMARC reports no longer being received from google
We are seeing a large number of DMARC rejects from google from emails that have both a valid DKIM signature and a valid SPF sender. We have validated this by sending the same emails to other ISPs and ...
0 votes, 1 answer, 167 views
Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?
I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
0 votes, 2 answers, 2k views
How to setup DMARC for both AWS SES and Office 365
I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
0 votes, 2 answers, 356 views
Changing SPF record from ~all to -all where employee inboxes are with Google and Amazon SES is used for website transactional emails
I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand that ~ is SOFTFAIL and - is ...
6 votes, 2 answers, 4k views
Why does spf fail in DMARC report from Google?
I recently received a DMARC report from Google alerting me of a few SPF failures with mail originating from IP addresses belonging to Amazon SES. A sample record is as follows (I have replaced our ...
1 vote, 2 answers, 3k views
Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?
I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
0 votes, 1 answer, 425 views
Hotmail does not flag or remove phishing messages from email addresses on a domain with SPF enabled [closed]
The email address of the sender of our newsletter is used for phishing purposes. We do have a valid SPF record (ends with -all) and DMARC on our domain (confirmed by mxtoolbox.com: all checks are ...
0 votes, 1 answer, 206 views
Mail proxy with SPF and DMARC without changing FROM headers
Here is my situation.
We have internal network, with lots of 2nd level subdomains - foo.internal.domain.ltd as example.
Those subdomains may or may not have public DNS records with Class A IPs.
Then, ...
0 votes, 1 answer, 80 views
DKIM and how it relates to DMARC reports
I've been tasked with setting up DKIM, SPF and DMARC for a business. I come from more of a development background, so as a result, I've been a bit confused on how to interpret the DMARC reports I'm ...
2 votes, 3 answers, 5k views
DMARC record not found
I'm trying to set up DKIM, SPF and DMARC on my mail server. Although DKIM and SPF work fine (as reported by [email protected]) I can't seem to get DMARC to work.
Both mxtoolbox.com and ...
7 votes, 1 answer, 445 views
Which has bigger priority between DMARC and SPF?
First off let me start by saying I understand DMARC and SPF do not do the same thing.
However both have an option to tell the receiving servers what to do with mails that do not pass SPF (and DKIM in ...
-1 votes, 1 answer, 818 views
DNS Records - CNAME
Quite a newbie, so sorry for any unconnected data. I am creating DKIM and SPF records to emulate DMARC as a workaround. An external vendor of ours wants to send emails under our domain using a subdomain.
I ...
1 vote, 1 answer, 260 views
Apparent DMARC External Validation query failure
I've got multiple domains hosted on a single Linode instance. As a result of some routine anti-spam checking the wonderful mxtoolbox (no affiliation) reports this:
DMARC External Validation External ...