0

I have just received notice from one of our partners that some of our emails sent via AWS SES are being flagged by their email provider as potential spoof DMARC.

We used route 53 to add all our DNS records and G-Suite to manage our email addresses.

Here is our current DMARC record:

Name: _dmarc
TTL: 3600
Values: v=DMARC1; p=quarantine; rua=mailto:[email protected]; pct=90; sp=none

Here is our SPF record which I am told can be related to DMARC:

TTL: 3600
v=spf1 include:_spf.google.com include:amazonses.com ~all

Can anyone see where I may have gone wrong? I am quite new to this and online DMARC analyzers are not proving to be very helpful...

Here is the report they sent me:

enter image description here

Thanks

3
  • they should send the report, moreover i would set pct=100 if any report is generated so that it will get delivered to the mail, remember that it will get spammed due its public availability
    – djdomi
    Commented Dec 21, 2023 at 20:22
  • The report doesn't have any useful details. The message headers would be required before anyone could answer this question. Commented Dec 22, 2023 at 5:18
  • 1
    Check if you are using a custom Mail From domain. If you are, you need a different SPF record. docs.aws.amazon.com/ses/latest/dg/… If that is not the case, check that the domain sending the mail is the one with the SPF record. Meaning you are sending from mydomain.net, but the SPF record is on mydomain.com. Finally if you are not using a DMARC aggregation service, it will be super helpful, even the free or low cost tiers.
    – Tim P
    Commented Jan 2 at 17:48

0

You must log in to answer this question.

Browse other questions tagged .