Skip to main content

All Questions

Tagged with
Filter by
Sorted by
Tagged with
0 votes
0 answers
21 views

Should smtp_helo_name always be the same as your MX record?

I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this: "v=spf1 mx -all" The MX records in the zone are: mx0.mydomain.org.uk. ...
TommyPeanuts's user avatar
1 vote
1 answer
117 views

Understanding DMARC report - DKIM pass on SPF fail

I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following: <?xml version="1.0" encoding="UTF-8" ?> <feedback>...
gdldg's user avatar
  • 13
0 votes
0 answers
70 views

What are these DMARC failures about?

I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
Rob Brandt's user avatar
0 votes
0 answers
72 views

DMARC, SPF and DNS wildcards

My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname: example.com sales.example.com internal.example.com mail.example.com I initially ...
janeden's user avatar
  • 267
3 votes
1 answer
533 views

How to get SPF alignment to pass DMARC for a subdomain?

I have the following DNS configuration: $ dig +noall +answer -t txt example.com example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all" $ dig +noall +...
tftd's user avatar
  • 1,550
0 votes
0 answers
176 views

This relay isn't allowed to send mail "From" gmail.com

I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
user1409214's user avatar
0 votes
1 answer
169 views

SPF failing even though source IP is in the SPF record

I've seen (and think I understand) when DMARC checks fail on SPF because, e.g. the email has been forwarded and such like. But I don't think this is the case here. All checks on sites like MXtoolbox ...
Darren's user avatar
  • 335
-1 votes
1 answer
88 views

Phishing email but with SPF, DKIM and DMARC in "PASS" status

I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...
sqrt-1's user avatar
  • 47
0 votes
1 answer
554 views

SPF spf.protection.outlook.com is invalid for messages within tenant

When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...
JohnLBevan's user avatar
  • 1,344
1 vote
1 answer
1k views

Is it a good idea to add `calendar-server.bounces.google.com` to my SPF record?

I'm trying to maximize my company's email deliverability and DMARC reports tell me we are failing DMARC SPF alignment with calendar-server.bounces.google.com which I suspect is the email server ...
Juan Pablo Santos's user avatar
0 votes
2 answers
122 views

Should we add SPF records of popular email providers?

DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers. DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
rvh's user avatar
  • 121
0 votes
0 answers
176 views

DMARC and Postfix delivery reports

I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests. The headers of regular messages (sent via my mailserver) look ...
janeden's user avatar
  • 267
0 votes
2 answers
150 views

A Non-MX mail server + Google Workspace, is this viable?

I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
x-yuri's user avatar
  • 2,328
0 votes
1 answer
947 views

Should HELO, MAILFROM and From use the same domain?

I configured a mail server a couple of times before and I believe back then I thought that the answer is "yes." But I'm about to configure another one, and it seems that I was wrong. Let's ...
x-yuri's user avatar
  • 2,328
1 vote
2 answers
420 views

Email message headers pass SPF check after failing earlier SPF checks. Will this result in spam?

I have an issue where email is being marked as spam by Gmail/Google Apps systems. When reading the mail headers, the most recent SPF check in the mail chain passes, but earlier checks fail. That is, ...
Ned Martin's user avatar
0 votes
0 answers
82 views

Change mail from header in sendmail

We have two separate RTs (request trackers) configured on one server. They both are configured to send the emails through sendmail. We are trying to configure now SPF and DMARC records for these DNS ...
Julia Mala's user avatar
0 votes
1 answer
167 views

Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?

I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
cssdev's user avatar
  • 23
0 votes
2 answers
2k views

How to setup DMARC for both AWS SES and Office 365

I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
Russell G's user avatar
  • 163
0 votes
2 answers
356 views

Changing SPF record from ~all to -all where employee inboxes are with Google and Amazon SES is used for website transactional emails

I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand at ~ is SOFTFAIL and - is ...
sdek's user avatar
  • 165
1 vote
2 answers
3k views

Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?

I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
John Doe's user avatar
  • 365
0 votes
1 answer
425 views

Hotmail does not flag or remove phishing messages from email addresses on a domain with SPF enabled [closed]

The email address of the sender of our newsletter is used for phishing purposes. We do have a valid SPF record (ends with -all) and dmarc on our domain (confirmed by mxtoolbox.com : every checks are ...
sglessard's user avatar
  • 109
0 votes
1 answer
206 views

Mail proxy with SPF and DMARC without changing FROM headers

Here is my situation. We have internal network, with lots of 2nd level subdomains - foo.internal.domain.ltd as example. Those subdomains may or may not have public DNS records with Class A IPs. Then, ...
ku4eto's user avatar
  • 305
7 votes
1 answer
445 views

Which has bigger priority between DMARC and SPF?

First off let me start by saying I understand DMARC and SPF do not do the same thing. However both have an option to tell the receiving servers what to do with mails that do not pass SPF (and DKIM in ...
Frizlab's user avatar
  • 173
2 votes
1 answer
741 views

How do i receive DMARC reports with external domains that i have no permission to control

I want to receive reports with gmail or outlook or anything else that i have no permission to add (mydomain.com)._report._dmarc.(gmail|outlook).com as a record. What i can do? Example just like: v=...
ShenLin's user avatar
  • 63
1 vote
1 answer
359 views

I setup DMARC p=reject on server but now I can't send via gmail to gmail (using server email From address)

Did I shoot myself in the foot ? I mainly use gmail to send and receive emails. Support etc. My default 'send email as' profile is not the gmail address itself but an address on my server (also the ...
Peter's user avatar
  • 113
0 votes
1 answer
226 views

How to proper dns zone config for selfhosted email server

Looking to harden the sending authentication of my email server, I am looking for some usefull hints on the topic. As I have in total 4 Vps Servers where emails will be send from, registration ...
KaliMucho's user avatar
1 vote
2 answers
343 views

Should we enhance DMARC to allow aligned DKIM enforcement?

Currently, DMARC only requires aligned DKIM or SPF. However spoofing SPF is relatively simple for an experienced hacker: You should only control a single IP address in the often large SPF range of e-...
m7913d's user avatar
  • 121
1 vote
2 answers
207 views

I don't understand DMARC reports regarding my policy

My DMARC settings seems to not work as expected. First, a few things to note: The domain is mydomain.com (not the real one obviously) ; The domain and mail provider is gandi.net ; I use Amazon SES to ...
Karl.S's user avatar
  • 115
0 votes
0 answers
90 views

Correct SPF record

I have been asked to apply DMARC protection to a domain. Part of this requires me to add an DNS record to the domain management console, however I have come across a stumbling block. The DMARC checker ...
Max Johnson's user avatar
0 votes
1 answer
108 views

Managing SPF with multiple users on an email provider

I'm using Ipower for web and email hosting. I was recently made aware that SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam. I updated both records and they worked ...
Neil C's user avatar
  • 9
7 votes
3 answers
2k views

Strange characters appearing in some DNS checkers, but not others for DKIM and SPF, possibly causing DMARC to fail

Emails sent from all 3 email addresses I have set up in the Rackspace Cloudways Add-On are ending up in Spam in GMail. When I "View Original Message" in GMail, I see... SPF: NEUTRAL with ...
clayRay's user avatar
  • 181
1 vote
3 answers
501 views

SPF FAIL but DKIM PASS with my own domain

I do not understand the fail results in the following google DMARC report to our domain. I understand that the SPF fails because the IP address is not ours but if so, how come DKIM passes? <...
Kevin Roma's user avatar
2 votes
1 answer
927 views

DKIM & SPF Allignment for Subdomains

We have a primary domain name example.com that has both adkim=s and aspf=s defined in its DMARC policy. Now, we have multiple subdomain names for this primary domain, such as postman.example.com. The ...
Granwille's user avatar
  • 131
2 votes
1 answer
4k views

DMARC record is valid, but your domain's None/Quarantine policy does not yet protect it against email spoofing and phishing

People, Using the website: https://easydmarc.com/tools/dmarc-lookup?domain=name.com I got this error: DMARC record is valid, but your domain's None/Quarantine policy does not yet protect it against ...
Senior Systems Engineer's user avatar
1 vote
1 answer
949 views

DMARC reports - fail then pass, and "softfail"

Here are two records from reports, with the actual domain name of my client replaced with "example.com". In the first one, SPF is marked "fail" above under "policy_evaluated&...
Devin Ceartas's user avatar
0 votes
1 answer
1k views

Network Solutions DNS not always returning DKIM and SPF records

If there is a more appropriate place to ask this or it is a duplicate, please tell me. I have a client who hosts their domains with Network Solutions. Some of their emails were bouncing due to ...
jdmayfield's user avatar
1 vote
2 answers
219 views

Does this report mean someone is attempting to send emails fraudulently or that I have things configured wrong?

Pretty new to spf/dkim and dmark. After setting this up just this morning I already got a report on a new website. Our service eamils our users via sendgrid and the rest of the emails are sent from ...
John's user avatar
  • 907
0 votes
0 answers
176 views

postfix to gmail silent delivery failure

With the impending turndown of free hosted Google workspace accounts, I'm trying to install my own mail server using postfix/dovecot/opendkim. Mostly, it's working and for many of the services I've ...
PaulProgrammer's user avatar
17 votes
3 answers
8k views

SPF/DKIM/DMARC for Gmail "Send mail as" via smtp.gmail.com on external domain

Since "Google Apps" / "Google Apps for business" / "G-Suite" / "Google Workspaces" free tier is being discontinued, I need a solution to migrate my ~30 extended ...
Ozzah's user avatar
  • 279
0 votes
0 answers
508 views

Softfail on forwarded emails sent through Yahoo mail - Is there a fix?

happy to be here. Excuse me for the wall of text but I am trying to help a friend who wants to keep on using his Yahoo mail for sending emails from his business email address. His mail server is on ...
Manou Allou's user avatar
0 votes
1 answer
2k views

How can it be possible dkim fails whereas spf pass

I have set up a postfix which sends emails. I have configure spf, dkim and dmarc (with p=none). I have checked with mail-tester: spf and dkim work fine. I have set up a dmarc rua in order to receive ...
Bob5421's user avatar
  • 429
3 votes
1 answer
2k views

How is this email passing DMARC?

Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.) This is disturbing, as it shows as "from foo.com", yet the sender ...
Lawrence Wagerfield's user avatar
0 votes
1 answer
598 views

How do I add individual mail-sending websites to my SPF record?

My company, which sends @example.co email from Google Workspace, HubSpot, and Salesforce, has the following SPF record in DNS: v=spf1 include:_spf.google.com include:_spf.salesforce.com include:...
ST7686's user avatar
  • 1
0 votes
1 answer
566 views

Why am I failing SPF only in my Google DMARC report?

Curious as to why my Google DMARC is coming back with a fail under SPF. Here is the report: <?xml version="1.0" encoding="UTF-8" ?> <feedback> <report_metadata> ...
2kreate's user avatar
2 votes
1 answer
2k views

Why do I get DMARC aggregate reports with no reported failures (G Suite + Amazon SES)?

Domain: franzoni.eu Such domain leverages G Suite (grandfathered free version) for receiving mail, but for various reasons (I prefer not to create users for M2M SMTP on G Suite, and I cannot use SMTP ...
Alan Franzoni's user avatar
6 votes
2 answers
4k views

Why does spf fail in DMARC report from Google?

I recently received a DMARC report from Google alerting me of a few SPF failures with mail originating from IP addresses belonging to Amazon SES. A sample record is as follows (I have replaced our ...
Leo Galleguillos's user avatar
1 vote
1 answer
195 views

Confused about SPF Records

I thought that ?all in SPF should not be used. Then I examinated SPF records of some local email provider companies and I found this: v=spf1 mx ip4:77.75.78.0/23 ip4:77.75.76.0/23 ip6:2a02:598::/32 ?...
Bear Black's user avatar
0 votes
1 answer
488 views

SPF record with DMARC policy is not picking up the policy

We are now going through security verification, and we are using SecurityScorecard for it. One of the issues that we are still trying to fight, is the SPF record. The details of the error are as ...
Alex A.'s user avatar
  • 101
6 votes
1 answer
4k views

Mail from Teams forwarded to Gmail marked as spam due to DMARC failure

When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account ([email protected]) when she is offline in Teams. The receiver set it up so that all ...
Johannes Egger's user avatar
1 vote
1 answer
311 views

DMARC failure for delivery report

I have a Docker-based mail server (Mailu) setup. It's working great except for delivery reports which are sent automatically (one of the user mailboxes is full and a "Quota exceeded" ...
andi's user avatar
  • 121