Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
1 vote
1 answer
117 views

Understanding DMARC report - DKIM pass on SPF fail

I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following: <?xml version="1.0" encoding="UTF-8" ?> <feedback>...
gdldg's user avatar
  • 13
0 votes
0 answers
70 views

What are these DMARC failures about?

I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
Rob Brandt's user avatar
3 votes
1 answer
533 views

How to get SPF alignment to pass DMARC for a subdomain?

I have the following DNS configuration: $ dig +noall +answer -t txt example.com example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all" $ dig +noall +...
tftd's user avatar
  • 1,550
0 votes
0 answers
176 views

This relay isn't allowed to send mail "From" gmail.com

I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
user1409214's user avatar
-1 votes
1 answer
88 views

Phishing email but with SPF, DKIM and DMARC in "PASS" status

I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...
sqrt-1's user avatar
  • 47
0 votes
1 answer
554 views

SPF spf.protection.outlook.com is invalid for messages within tenant

When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...
JohnLBevan's user avatar
  • 1,344
0 votes
2 answers
122 views

Should we add SPF records of popular email providers?

DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers. DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
rvh's user avatar
  • 121
0 votes
0 answers
176 views

DMARC and Postfix delivery reports

I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests. The headers of regular messages (sent via my mailserver) look ...
janeden's user avatar
  • 267
0 votes
2 answers
150 views

A Non-MX mail server + Google Workspace, is this viable?

I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
x-yuri's user avatar
  • 2,328
0 votes
1 answer
947 views

Should HELO, MAILFROM and From use the same domain?

I configured a mail server a couple of times before and I believe back then I thought that the answer is "yes." But I'm about to configure another one, and it seems that I was wrong. Let's ...
x-yuri's user avatar
  • 2,328
0 votes
1 answer
1k views

Postfix - can't send emails to gmail addresses via terminal

I have the following errors when trying to send emails to gmail addresses via my terminal: sudo tail /var/log/mail.log Jul 19 13:19:44 ubuntu-4gb-fsn1-1 postfix/cleanup[5780]: B4B8C5F4A3: message-id=&...
Run's user avatar
  • 101
0 votes
1 answer
167 views

Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?

I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
cssdev's user avatar
  • 23
0 votes
2 answers
2k views

How to setup DMARC for both AWS SES and Office 365

I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
Russell G's user avatar
  • 163
1 vote
2 answers
3k views

Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?

I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
John Doe's user avatar
  • 365
0 votes
0 answers
379 views

postfix configuration to prevent bounces when relaying to 3rd party (e.g. src -> my@work -> my@gmail)

i have an active mail relay that is using aliases as a main tool, at some point we started to get bounces for some emails. Source: somerandomsenderdomain.com Destination: myemaildomain.com ...
DrunkMice's user avatar
2 votes
1 answer
741 views

How do i receive DMARC reports with external domains that i have no permission to control

I want to receive reports with gmail or outlook or anything else that i have no permission to add (mydomain.com)._report._dmarc.(gmail|outlook).com as a record. What i can do? Example just like: v=...
ShenLin's user avatar
  • 63
1 vote
1 answer
359 views

I setup DMARC p=reject on server but now I can't send via gmail to gmail (using server email From address)

Did I shoot myself in the foot ? I mainly use gmail to send and receive emails. Support etc. My default 'send email as' profile is not the gmail address itself but an address on my server (also the ...
Peter's user avatar
  • 113
3 votes
0 answers
907 views

Set SPF to send email using Gmail

(Disclaimer: I totally suck at being a sysadmin) I am sending email for a domain using Gmail. The domain is partyboatcharters.com.au (I hope I am allowed to put domains here). Gmail is configured to ...
Merc's user avatar
  • 807
1 vote
2 answers
343 views

Should we enhance DMARC to allow aligned DKIM enforcement?

Currently, DMARC only requires aligned DKIM or SPF. However spoofing SPF is relatively simple for an experienced hacker: You should only control a single IP address in the often large SPF range of e-...
m7913d's user avatar
  • 121
1 vote
2 answers
207 views

I don't understand DMARC reports regarding my policy

My DMARC settings seems to not work as expected. First, a few things to note: The domain is mydomain.com (not the real one obviously) ; The domain and mail provider is gandi.net ; I use Amazon SES to ...
Karl.S's user avatar
  • 115
0 votes
1 answer
662 views

Email goes to spam even with valid SPF, DKIM and DMARC records, dynamic rDNS on AWS instance

I have an instance on AWS and fighting with sending emails through cPanel. All records are OK (checked on MX toolbox): SPF, DKIM, DMARC at the cPanel level and the WHM level (hostname). Even rDNS is ...
Adrian P.'s user avatar
  • 101
1 vote
3 answers
501 views

SPF FAIL but DKIM PASS with my own domain

I do not understand the fail results in the following google DMARC report to our domain. I understand that the SPF fails because the IP address is not ours but if so, how come DKIM passes? <...
Kevin Roma's user avatar
2 votes
1 answer
927 views

DKIM & SPF Allignment for Subdomains

We have a primary domain name example.com that has both adkim=s and aspf=s defined in its DMARC policy. Now, we have multiple subdomain names for this primary domain, such as postman.example.com. The ...
Granwille's user avatar
  • 131
2 votes
1 answer
4k views

DMARC record is valid, but your domain's None/Quarantine policy does not yet protect it against email spoofing and phishing

People, Using the website: https://easydmarc.com/tools/dmarc-lookup?domain=name.com I got this error: DMARC record is valid, but your domain's None/Quarantine policy does not yet protect it against ...
Senior Systems Engineer's user avatar
0 votes
1 answer
1k views

Network Solutions DNS not always returning DKIM and SPF records

If there is a more appropriate place to ask this or it is a duplicate, please tell me. I have a client who hosts their domains with Network Solutions. Some of their emails were bouncing due to ...
jdmayfield's user avatar
1 vote
2 answers
219 views

Does this report mean someone is attempting to send emails fraudulently or that I have things configured wrong?

Pretty new to spf/dkim and dmark. After setting this up just this morning I already got a report on a new website. Our service eamils our users via sendgrid and the rest of the emails are sent from ...
John's user avatar
  • 907
-1 votes
1 answer
979 views

Setup bind9 dns for setup DKIM and SPF records [closed]

Currently emails from my mail server is blocked by gmail. I want to setup DKIM and SPF records for my mail server.But web domain register doesn't allow me to setup DKIM and SPF records it says I need ...
Sandaru Akalanka's user avatar
1 vote
1 answer
899 views

How to replace "via amazonses.com" with my apps branding "via example.com" for the email identities in AWS SES?

So in SES - there are two ways to verify identities as I can see: Email identities Domain identities With domain identiies - it is easier to fix the "signed-by" and "mailed-by" ...
Rohan's user avatar
  • 135
8 votes
3 answers
1k views

Does SPF provide benefits along with DKIM+DMARC?

I have a domain I send emails from via Mailchimp and Google. I've set up DKIM for both of them and added a DMARC record too (for testing atm). I collect reports for DMARC failures and the overwhelming ...
Tamás Sallai's user avatar
3 votes
3 answers
698 views

How to set up DNS settings with a domain in the middle for DKIM and SPF?

I am working on a tool that helps the users send emails. I plan on using an MTA (Mail Transfer Agent) in the back end like AWS-SES or Sendgrid etc. In order for the emails to arrive successfully in ...
Rohan's user avatar
  • 135
0 votes
0 answers
176 views

postfix to gmail silent delivery failure

With the impending turndown of free hosted Google workspace accounts, I'm trying to install my own mail server using postfix/dovecot/opendkim. Mostly, it's working and for many of the services I've ...
PaulProgrammer's user avatar
17 votes
3 answers
8k views

SPF/DKIM/DMARC for Gmail "Send mail as" via smtp.gmail.com on external domain

Since "Google Apps" / "Google Apps for business" / "G-Suite" / "Google Workspaces" free tier is being discontinued, I need a solution to migrate my ~30 extended ...
Ozzah's user avatar
  • 279
0 votes
1 answer
2k views

How can it be possible dkim fails whereas spf pass

I have set up a postfix which sends emails. I have configure spf, dkim and dmarc (with p=none). I have checked with mail-tester: spf and dkim work fine. I have set up a dmarc rua in order to receive ...
Bob5421's user avatar
  • 429
3 votes
1 answer
2k views

How is this email passing DMARC?

Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.) This is disturbing, as it shows as "from foo.com", yet the sender ...
Lawrence Wagerfield's user avatar
0 votes
1 answer
598 views

How do I add individual mail-sending websites to my SPF record?

My company, which sends @example.co email from Google Workspace, HubSpot, and Salesforce, has the following SPF record in DNS: v=spf1 include:_spf.google.com include:_spf.salesforce.com include:...
ST7686's user avatar
  • 1
2 votes
1 answer
2k views

Why do I get DMARC aggregate reports with no reported failures (G Suite + Amazon SES)?

Domain: franzoni.eu Such domain leverages G Suite (grandfathered free version) for receiving mail, but for various reasons (I prefer not to create users for M2M SMTP on G Suite, and I cannot use SMTP ...
Alan Franzoni's user avatar
6 votes
2 answers
4k views

Why does spf fail in DMARC report from Google?

I recently received a DMARC report from Google alerting me of a few SPF failures with mail originating from IP addresses belonging to Amazon SES. A sample record is as follows (I have replaced our ...
Leo Galleguillos's user avatar
2 votes
1 answer
2k views

SpamAssassin: custom rules and score

For my mailserver, i want do add some custom rules and scores for spamasassin DKIM and SPF checks. Currently i use following custom settings: score DKIM_SIGNED 0 score DKIM_VALID -1 score ...
Tim Altgeld's user avatar
6 votes
1 answer
4k views

Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account ([email protected]) when she is offline in Teams. The receiver set it up so that all ...
Johannes Egger's user avatar
0 votes
1 answer
841 views

SPF/DKIM setup for a registrar's email forward

I have a number of domains with a registrar with straight forward forwards to another email address. The system has worked flawlessly for a lot of years over a lot of domains but recently I created a ...
Kevin_Wales's user avatar
1 vote
1 answer
237 views

SPF/DKIM and sending emails from parent domain

I'm trying to understand how apps such as greenhouse.io configure DNS for delegating email sending. In short, assume I am a SAAS provider saas.com and my customer is customer.com. I've seen that it is ...
ragebiswas's user avatar
5 votes
1 answer
6k views

why is this DMARC failing verification?

I get a 6.1/10 score on mail-tester.com, where the DMARC verification is the only relevant penalty (-3). * Your DKIM signature is valid * Your message failed the DMARC verification A DMARC policy ...
Stuck's user avatar
  • 153
3 votes
0 answers
694 views

Google G Suite DMARC + SPF + DKIM for user domain aliases fail Google Admin Toolbox CheckMX

I have set up the above in my Google's old G-Suite account for a User Domain Alias but am still getting two warning messages: https://webcoder.co.uk There were some non-critical problems detected with ...
webcoder.co.uk's user avatar
0 votes
1 answer
2k views

DMARC appears to fail, multiple DKIM signatures with one matching the from address

I am using a free outlook account. In the outlook account management portal I have added an alias for my custom domain ([email protected]). With this I am able to send mails from this alias, ...
Jorn Vanloofsvelt's user avatar
0 votes
0 answers
1k views

DMARC, DKIM, or SPF? Emails going into quarantine

I have never had to deal with DKIM, DMARC, or SPF records before; however, our SPF record is full (10, Cloudflare) and I have a vendor whose emails aren’t making it to our mailboxes. I made ...
Cody's user avatar
  • 1
0 votes
1 answer
123 views

DMARC report with passing O365 DKIM signature being sent by Google server

The dmarc report values are as follows: dkim_domain : mydomain.onmicrosoft.com dkim_result : pass selector : selector1-mydomain-onmicrosoft-com header_from : mydomain spf_domain : mydomain spf_result :...
Adam Winter's user avatar
1 vote
1 answer
844 views

DKIM signing for subdomain issue

I am in an environment that sends emails from different sources. We're a Google Workspace environment as well. The flow is as such: A user ([email protected]) in Gmail sends an email to an email group (...
Phyxiis's user avatar
  • 11
25 votes
5 answers
8k views

Does DKIM alone not solve the spam issue? Why do I need SPF?

FINAL EDIT : I was completely wrong about DKIM it seems, the signing domain does not have to be the same as the sender domain, thus the whole premise for my question is flawed. A lot of thanks to Paul ...
cornergraf's user avatar
0 votes
1 answer
96 views

Is everything OK based on this DMARC report?

Do I understand it correct that everything is OK and I have both SPF and DKIM configured correctly based on this report from Google? <?xml version="1.0" encoding="UTF-8" ?> &...
IvanD's user avatar
  • 103
6 votes
1 answer
637 views

Is email deliverability impossible with a .name email address?

I have a dot name domain. .name is an odd TLD: they originally only offered third level domains, eg first.last.name, so that more people could get their own name. They also included the first@last....
ryan's user avatar
  • 291