Questions tagged [dmarc]
Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.
253
questions
0
votes
0
answers
21
views
Should smtp_helo_name always be the same as your MX record?
I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this:
"v=spf1 mx -all"
The MX records in the zone are:
mx0.mydomain.org.uk. ...
- 507
0
votes
0
answers
11
views
openarc: can't parse Authentication-Results
I've just set up openarc on fedora38 with postfix-3.7.9. I believe it's working properly, but I have a few questions.
I'm seeing messages like this periodically. I've found another similar report from ...
- 123
0
votes
1
answer
5k
views
550-5.7.26 Unauthenticated email from domain is not accepted due on ERP only
I have made updates to our mail server to use DMARC. So after This our ERP system cannot send emails to gmail.com or yahoo.com but Outlook sends emails with no problems.
Below is the header for an ...
CommunityBot
- 1
3
votes
1
answer
533
views
How to get SPF alignment to pass DMARC for a subdomain?
I have the following DNS configuration:
$ dig +noall +answer -t txt example.com
example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all"
$ dig +noall +...
- 3,872
0
votes
1
answer
38
views
DMARC Authentication in SendGrid is expecting a different value from the current one
I have one SendGrid account [email protected], I have been using it to send transactional emails from [email protected]. When I check the account [email protected], I realized that ...
- 161
0
votes
2
answers
39
views
how to add multiple DMARC entries?
I use several different services to send out emails from my domain. I already have a CNAME record for _dmarc.mydomain.com that's set to mydomain.com.dmarc.emldlv.net for one service, however, another ...
- 161
0
votes
1
answer
65
views
Trying to figure out a DMARC/DKIM situation
I recently helped a friend implement DMARC/DKIM/SPF and got a report that makes no sense to me.
Their domain is hosted on SquareSpace, they use Google Apps for email, and Mailchimp for mailing lists. ...
- 1,057
1
vote
1
answer
117
views
Understanding DMARC report - DKIM pass on SPF fail
I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>...
- 50.2k
16
votes
1
answer
6k
views
DKIM: Can I use a RSA key larger than 2048bit, i.e. 4096?
I wonder if I can simply use a 4096bit RSA key for DKIM (in DNS TXT Record).
Are there any downsides (neglecting computational effort)?
Maybe there are mail servers which can't handle a key this large?...
- 2,517
0
votes
1
answer
162
views
"Undelivered Mail Returned to Sender: DMARC check failed" from forwarded mails
I'm using Procmail to forward mails to another server.
I'm often getting an error message from the recipient server:
host smtp-in.orange.fr[80.12.26.32] said: 501 5.2.0
y8XgrepnBNXb2 Mail rejete. ...
- 1,514
1
vote
2
answers
5k
views
Configure postfix to DKIM-sign emails generated from the system
My web hosting server features a Postfix setup up and running. That postfix is also open with STARTTLS on port 587 for authorized users (only me, myself and I right now) to send emails to any domain ...
- 802
0
votes
0
answers
70
views
What are these DMARC failures about?
I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
- 103
0
votes
0
answers
72
views
DMARC, SPF and DNS wildcards
My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname:
example.com
sales.example.com
internal.example.com
mail.example.com
I initially ...
- 267
0
votes
0
answers
176
views
This relay isn't allowed to send mail "From" gmail.com
I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
- 2,232
0
votes
1
answer
79
views
AWS-SES sending from one site, from is another site - will DMARC help or hurt
Alright, to keep this simple:
I have a project that is using AWS's SES to send transactional emails. The project is hosted on one site (let's call it example-site.com), but for reasons, the From: is ...
- 161
0
votes
1
answer
169
views
SPF failing even though source IP is in the SPF record
I've seen (and think I understand) when DMARC checks fail on SPF because, e.g. the email has been forwarded and such like. But I don't think this is the case here. All checks on sites like MXtoolbox ...
- 161
46
votes
5
answers
79k
views
Find DKIM and DMARC Records?
Is there a method to find a domain's DKIM and DMARC records using dig or nslookup?
I have attempted to do the following:
dig somedomain.org any
returns many records, but not the known DKIM and ...
- 155
-1
votes
1
answer
88
views
Phishing email but with SPF, DKIM and DMARC in "PASS" status
I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...
- 50.2k
1
vote
2
answers
3k
views
How to set Exim envelope domain to From domain
I've set up DKIM on Exim with the domain set like:
DKIM_DOMAIN = ${sender_address_domain}
However, the domain is always set to the same domain (my primary domain), which causes DMARC validation to ...
- 323
13
votes
3
answers
13k
views
Why does DMARC operate on the From-address, and not the envelope sender (Return-Path)?
Several emails sent from my webserver to a Gmail address, where the From: address is [email protected], have been marked as spam by Gmail. The From: field is populated from form data, and ...
5
votes
2
answers
2k
views
Turn off DMARC report for pass
I would like to receive reports only for DMARC quarantined mail and failures, but I still receive mails for every successful e-mail that has been sent from my server.
Configuration in dns looks like ...
-1
votes
2
answers
116
views
O365/Exchange: Send From: external domain using connector and transport rule?
I have a successful and working 365 install (it's just family, but we're an Enterprise tenant because we have multiple domains.) Everything is working fine and I've recently been reviewing and ...
- 129
0
votes
1
answer
554
views
SPF spf.protection.outlook.com is invalid for messages within tenant
When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...
- 9
6
votes
1
answer
637
views
Is email deliverability impossible with a .name email address?
I have a dot name domain. .name is an odd TLD: they originally only offered third level domains, eg first.last.name, so that more people could get their own name. They also included the first@last....
1
vote
1
answer
1k
views
Is it a good idea to add `calendar-server.bounces.google.com` to my SPF record?
I'm trying to maximize my company's email deliverability and DMARC reports tell me we are failing DMARC SPF alignment with calendar-server.bounces.google.com which I suspect is the email server ...
- 9,872
0
votes
2
answers
443
views
Why does my DMARC report from Google have "<dkim>fail</dkim>" when all auth_results have "pass"
We're using Microsoft 365 (outlook.office.com) for our company emails and have had DKIM set up for a while, but recently added a DMARC record. I now got a DMARC report from Google where every record ...
- 111k
0
votes
2
answers
735
views
DMARC without rua... proper format?
Yahoo and Google are now requiring DMARC according to Shopify. I have been setting them up for my clients, but I don't need the aggregate reporting. I only need it so that these companies can verify ...
- 50.2k
0
votes
0
answers
105
views
Incorrect dmarc record landing some mail in spam
I have just received notice from one of our partners that some of our emails sent via AWS SES are being flagged by their email provider as potential spoof DMARC.
We used route 53 to add all our DNS ...
- 101
0
votes
0
answers
39
views
Postfix - Only allow relaying when sent from local user
At the moment, our Postfix + Dovecot mail system has two types of users: those with a full account and those with only a forwarder.
Users with a full account are in the virtual_aliases table pointing ...
- 101
0
votes
2
answers
122
views
Should we add SPF records of popular email providers?
DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers.
DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
- 1,057
0
votes
0
answers
176
views
DMARC and Postfix delivery reports
I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look ...
- 267
0
votes
2
answers
253
views
Sendmail unable to email to specific domain
I have a server running Sendmail and is able to email to all domains except my company's email (company1.com). I have tested to sending to gmail and other email providers with no issues. Sendmail is ...
0
votes
2
answers
150
views
A Non-MX mail server + Google Workspace, is this viable?
I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
- 50.2k
0
votes
1
answer
947
views
Should HELO, MAILFROM and From use the same domain?
I configured a mail server a couple of times before and I believe back then I thought
that the answer is "yes."
But I'm about to configure another one, and it seems that I was wrong. Let's ...
- 2,328
0
votes
0
answers
42
views
Getting Spoofed - DMARC , DKIM and SPF are properly setup (AFIK)
I have been testing my DMARC policy for some weeks and I ran into this issue. Background:
SPF - setup and working
DKIM - set up and working (AFIK)
DMARC - set up and working - looking for alignments ...
- 1
1
vote
2
answers
420
views
Email message headers pass SPF check after failing earlier SPF checks. Will this result in spam?
I have an issue where email is being marked as spam by Gmail/Google Apps systems.
When reading the mail headers, the most recent SPF check in the mail chain passes, but earlier checks fail. That is, ...
0
votes
0
answers
82
views
Change mail from header in sendmail
We have two separate RTs (request trackers) configured on one server. They both are configured to send the emails through sendmail.
We are trying to configure now SPF and DMARC records for these DNS ...
1
vote
0
answers
335
views
DMARC reports no longer being received from google
We are seeing a large number of DMARC rejects from google from emails that have both a valid DKIM signature and a valid SPF sender. We have validated this by sending the same emails to other ISPs and ...
- 141
0
votes
1
answer
167
views
Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?
I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
- 23
0
votes
2
answers
2k
views
How to setup DMARC for both AWS SES and Office 365
I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
- 435
0
votes
2
answers
356
views
Changing SPF record from ~all to -all where employee inboxes are with Google and Amazon SES is used for website transactional emails
I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand at ~ is SOFTFAIL and - is ...
- 165
6
votes
2
answers
4k
views
Why does spf fail in DMARC report from Google?
I recently received a DMARC report from Google alerting me of a few SPF failures with mail originating from IP addresses belonging to Amazon SES. A sample record is as follows (I have replaced our ...
- 31
1
vote
2
answers
3k
views
Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?
I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
- 11
0
votes
1
answer
425
views
Hotmail does not flag or remove phishing messages from email addresses on a domain with SPF enabled [closed]
The email address of the sender of our newsletter is used for phishing purposes. We do have a valid SPF record (ends with -all) and dmarc on our domain (confirmed by mxtoolbox.com : every checks are ...
- 1,033
0
votes
1
answer
206
views
Mail proxy with SPF and DMARC without changing FROM headers
Here is my situation.
We have internal network, with lots of 2nd level subdomains - foo.internal.domain.ltd as example.
Those subdomains may or may not have public DNS records with Class A IPs.
Then, ...
- 9,872
0
votes
1
answer
80
views
DKIM and how it relates to DMARC reports
I've been tasked with setting up DKIM, SPF and DMARC for a business. I come from more of a development background, so as a result, I've been a bit confused on how to interpret the DMARC reports I'm ...
2
votes
3
answers
5k
views
DMARC record not found
I'm trying to set up DKIM, SPF and DMARC on my mail server. Although DKIM and SPF work fine (as reported by [email protected]) i can't seem to get DMARC to work.
Both mxtoolbox.com and ...
7
votes
1
answer
445
views
Which has bigger priority between DMARC and SPF?
First off let me start by saying I understand DMARC and SPF do not do the same thing.
However both have an option to tell the receiving servers what to do with mails that do not pass SPF (and DKIM in ...
- 3,187
-1
votes
1
answer
818
views
DNS Records - CNAME
Quite newbie, so sorry any unconnected data. I am creating a DKIM and SPF records to emulate DMARC as a workaround. An external vendor of us, want to send emails under our domain using a subdomain.
I ...
- 341
1
vote
1
answer
260
views
Apparent DMARC External Validation query failure
I've got multiple domains hosted on a single Linode instance. As a result of some routine anti-spam checking the wonderful mxtoolbox (no affiliation) reports this:
DMARC External Validation External ...
- 195