Here is my situation.
We have an internal network, with lots of 2nd level subdomains - `foo.internal.domain.ltd` as an example.
Those subdomains may or may not have public DNS records with Class A IPs.
Then, we have a single subdomain, that acts as a proxy - `proxy.internal.domain.ltd`.
It has a public IP address with the following DNS records:
A record - `IN A <IPv4 of the VM>`
MX record - `IN MX 10 proxy.internal.domain.ltd.`
TXT record - `IN TXT "v=spf1 a mx ip4: ~all"`
DMARC record - `_dmarc.proxy.internal.domain.ltd IN TXT "v=DMARC1; p=none; rua=mailto:[email protected]; pct=100; adkim=r; aspf=r; fo=0"`
All of the mail sending is handled by Postfix, be it from the proxy or the proxied-over ones.
Is it possible to have both SPF and DMARC enabled for the `proxy.internal.domain.ltd`, and send mails from `foo.internal.domain.ltd` with the FROM being [email protected]?
Sending to Gmail results in getting some bounce backs with the following error:
Host or domain name not found. Name service error for name=foo.internal.domain.ltd type=A: Host not found
and
Our system has detected that this message is 550-5.7.1 likely unsolicited mail
In case it passes (for example, not using Test mails, but legit template), it gets marked as Spam, despite having both SPF and DMARC passing.
Our public IP ranges are not blacklisted anywhere.
If using both SPF and DMARC in this use case is not going to work out, will only SPF (with either `-all` or `~all`) be enough to prevent possible spoofing by a 3rd party and bouncebacks from Google?
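
An added example, not part of the original question: a sketch of RFC 7489 DMARC policy discovery and SPF identifier alignment, run against the names in the question. The two-label organizational-domain rule, the envelope sender domain `proxy.internal.domain.ltd` and the placeholder `rua` address are assumptions.

```python
# Added example: hostnames come from the question; the zone contents, the
# envelope-sender domain and the two-label org-domain rule are assumptions.

def parse_dmarc(txt):
    """Parse a DMARC TXT value into a dict of tag -> value, or None."""
    tags = {}
    for part in txt.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags if tags.get("v") == "DMARC1" else None

def org_domain(domain, labels=2):
    # Assumption: the organizational domain is the last two labels.
    # Real receivers derive it from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-labels:])

def discover_policy(from_domain, txt_zone):
    """RFC 7489 6.6.3: query _dmarc.<From domain>, then _dmarc.<org domain>."""
    candidates = ["_dmarc." + from_domain, "_dmarc." + org_domain(from_domain)]
    queried = []
    for name in dict.fromkeys(candidates):  # de-duplicate, keep order
        queried.append(name)
        record = parse_dmarc(txt_zone.get(name, ""))
        if record:
            return name, record, queried
    return None, None, queried

def spf_aligned(from_domain, mail_from_domain, aspf="r"):
    """aspf=r: organizational domains match. aspf=s: exact match."""
    if aspf == "s":
        return from_domain.lower() == mail_from_domain.lower()
    return org_domain(from_domain) == org_domain(mail_from_domain)

# Constructed zone holding only the DMARC record shown in the question
# (the rua address is a placeholder).
ZONE = {
    "_dmarc.proxy.internal.domain.ltd":
        "v=DMARC1; p=none; rua=mailto:reports@placeholder.invalid; "
        "pct=100; adkim=r; aspf=r; fo=0",
}

if __name__ == "__main__":
    for from_dom in ("proxy.internal.domain.ltd", "foo.internal.domain.ltd"):
        name, record, queried = discover_policy(from_dom, ZONE)
        print(from_dom, "-> policy at", name, "| queried:", queried)
    for mode in ("r", "s"):
        print("aspf=" + mode, spf_aligned("foo.internal.domain.ltd",
                                          "proxy.internal.domain.ltd", mode))
```

With this constructed zone, a `From:` domain of `foo.internal.domain.ltd` never causes a query for `_dmarc.proxy.internal.domain.ltd`, so the record shown in the question is only found for mail whose `From:` domain is the proxy itself.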