All Questions
147
questions
0
votes
0
answers
21
views
Should smtp_helo_name always be the same as your MX record?
I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this:
"v=spf1 mx -all"
The MX records in the zone are:
mx0.mydomain.org.uk. ...
1
vote
1
answer
117
views
Understanding DMARC report - DKIM pass on SPF fail
I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>...
0
votes
0
answers
70
views
What are these DMARC failures about?
I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...
0
votes
0
answers
72
views
DMARC, SPF and DNS wildcards
My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname:
example.com
sales.example.com
internal.example.com
mail.example.com
I initially ...
3
votes
1
answer
533
views
How to get SPF alignment to pass DMARC for a subdomain?
I have the following DNS configuration:
$ dig +noall +answer -t txt example.com
example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all"
$ dig +noall +...
0
votes
0
answers
176
views
This relay isn't allowed to send mail "From" gmail.com
I'm on GoDaddy and since about January 2024, I've been getting this message from various gmail and yahoo accounts: ECDHE-RSA-AES256-GCM-SHA384:256 CV=yes: SMTP error from remote mail server after end ...
0
votes
1
answer
169
views
SPF failing even though source IP is in the SPF record
I've seen (and think I understand) when DMARC checks fail on SPF because, e.g. the email has been forwarded and such like. But I don't think this is the case here. All checks on sites like MXtoolbox ...
-1
votes
1
answer
88
views
Phishing email but with SPF, DKIM and DMARC in "PASS" status
I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...
0
votes
1
answer
554
views
SPF spf.protection.outlook.com is invalid for messages within tenant
When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...
1
vote
1
answer
1k
views
Is it a good idea to add `calendar-server.bounces.google.com` to my SPF record?
I'm trying to maximize my company's email deliverability and DMARC reports tell me we are failing DMARC SPF alignment with calendar-server.bounces.google.com which I suspect is the email server ...
0
votes
2
answers
122
views
Should we add SPF records of popular email providers?
DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers.
DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...
0
votes
0
answers
176
views
DMARC and Postfix delivery reports
I successfully set up DMARC, DKIM and SPF for my mailserver's domain, but delivery reports created by Postfix fail the DKIM/SPF tests.
The headers of regular messages (sent via my mailserver) look ...
0
votes
2
answers
150
views
A Non-MX mail server + Google Workspace, is this viable?
I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...
0
votes
1
answer
947
views
Should HELO, MAILFROM and From use the same domain?
I configured a mail server a couple of times before and I believe back then I thought
that the answer is "yes."
But I'm about to configure another one, and it seems that I was wrong. Let's ...
1
vote
2
answers
420
views
Email message headers pass SPF check after failing earlier SPF checks. Will this result in spam?
I have an issue where email is being marked as spam by Gmail/Google Apps systems.
When reading the mail headers, the most recent SPF check in the mail chain passes, but earlier checks fail. That is, ...
0
votes
0
answers
82
views
Change mail from header in sendmail
We have two separate RTs (request trackers) configured on one server. They both are configured to send the emails through sendmail.
We are trying to configure now SPF and DMARC records for these DNS ...
0
votes
1
answer
167
views
Mail server running on a subdomain - how could email acceptance by other servers be influenced by dns records for different ips?
I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....
0
votes
2
answers
2k
views
How to setup DMARC for both AWS SES and Office 365
I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...
0
votes
2
answers
356
views
Changing SPF record from ~all to -all where employee inboxes are with Google and Amazon SES is used for website transactional emails
I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand at ~ is SOFTFAIL and - is ...
1
vote
2
answers
3k
views
Why does DMARC fail for forwarded emails from this particular domain when it passes for all other domains?
I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...
0
votes
1
answer
425
views
Hotmail does not flag or remove phishing messages from email addresses on a domain with SPF enabled [closed]
The email address of the sender of our newsletter is used for phishing purposes. We do have a valid SPF record (ends with -all) and dmarc on our domain (confirmed by mxtoolbox.com : every checks are ...
0
votes
1
answer
206
views
Mail proxy with SPF and DMARC without changing FROM headers
Here is my situation.
We have internal network, with lots of 2nd level subdomains - foo.internal.domain.ltd as example.
Those subdomains may or may not have public DNS records with Class A IPs.
Then, ...
7
votes
1
answer
445
views
Which has bigger priority between DMARC and SPF?
First off let me start by saying I understand DMARC and SPF do not do the same thing.
However both have an option to tell the receiving servers what to do with mails that do not pass SPF (and DKIM in ...
2
votes
1
answer
741
views
How do i receive DMARC reports with external domains that i have no permission to control
I want to receive reports with gmail or outlook or anything else that i have no permission to add (mydomain.com)._report._dmarc.(gmail|outlook).com as a record. What i can do?
Example just like:
v=...
1
vote
1
answer
359
views
I setup DMARC p=reject on server but now I can't send via gmail to gmail (using server email From address)
Did I shoot myself in the foot ?
I mainly use gmail to send and receive emails. Support etc. My default 'send email as' profile is not the gmail address itself but an address on my server (also the ...
0
votes
1
answer
226
views
How to proper dns zone config for selfhosted email server
Looking to harden the sending authentication of my email server, I am looking for some usefull hints on the topic.
As I have in total 4 Vps Servers where emails will be send from, registration ...
1
vote
2
answers
343
views
Should we enhance DMARC to allow aligned DKIM enforcement?
Currently, DMARC only requires aligned DKIM or SPF.
However spoofing SPF is relatively simple for an experienced hacker:
You should only control a single IP address in the often large SPF range of e-...
1
vote
2
answers
207
views
I don't understand DMARC reports regarding my policy
My DMARC settings seems to not work as expected.
First, a few things to note:
The domain is mydomain.com (not the real one obviously) ;
The domain and mail provider is gandi.net ;
I use Amazon SES to ...
0
votes
0
answers
90
views
Correct SPF record
I have been asked to apply DMARC protection to a domain. Part of this requires me to add an DNS record to the domain management console, however I have come across a stumbling block. The DMARC checker ...
0
votes
1
answer
108
views
Managing SPF with multiple users on an email provider
I'm using Ipower for web and email hosting. I was recently made aware that SPF and DMARC were set to neutral, causing all of our outgoing emails to go to spam. I updated both records and they worked ...
7
votes
3
answers
2k
views
Strange characters appearing in some DNS checkers, but not others for DKIM and SPF, possibly causing DMARC to fail
Emails sent from all 3 email addresses I have set up in the Rackspace Cloudways Add-On are ending up in Spam in GMail.
When I "View Original Message" in GMail, I see...
SPF: NEUTRAL with ...
1
vote
3
answers
501
views
SPF FAIL but DKIM PASS with my own domain
I do not understand the fail results in the following google DMARC report to our domain.
I understand that the SPF fails because the IP address is not ours but if so, how come DKIM passes?
<...
2
votes
1
answer
927
views
DKIM & SPF Allignment for Subdomains
We have a primary domain name example.com that has both adkim=s and aspf=s defined in its DMARC policy. Now, we have multiple subdomain names for this primary domain, such as postman.example.com. The ...
2
votes
1
answer
4k
views
DMARC record is valid, but your domain's None/Quarantine policy does not yet protect it against email spoofing and phishing
People,
Using the website: https://easydmarc.com/tools/dmarc-lookup?domain=name.com
I got this error:
DMARC record is valid, but your domain's None/Quarantine policy does
not yet protect it against ...
1
vote
1
answer
949
views
DMARC reports - fail then pass, and "softfail"
Here are two records from reports, with the actual domain name of my client replaced with "example.com". In the first one, SPF is marked "fail" above under "policy_evaluated&...
0
votes
1
answer
1k
views
Network Solutions DNS not always returning DKIM and SPF records
If there is a more appropriate place to ask this or it is a duplicate, please tell me.
I have a client who hosts their domains with Network Solutions. Some of their emails were bouncing due to ...
1
vote
2
answers
219
views
Does this report mean someone is attempting to send emails fraudulently or that I have things configured wrong?
Pretty new to spf/dkim and dmark.
After setting this up just this morning I already got a report on a new website. Our service eamils our users via sendgrid and the rest of the emails are sent from ...
0
votes
0
answers
176
views
postfix to gmail silent delivery failure
With the impending turndown of free hosted Google workspace accounts, I'm trying to install my own mail server using postfix/dovecot/opendkim. Mostly, it's working and for many of the services I've ...
17
votes
3
answers
8k
views
SPF/DKIM/DMARC for Gmail "Send mail as" via smtp.gmail.com on external domain
Since "Google Apps" / "Google Apps for business" / "G-Suite" / "Google Workspaces" free tier is being discontinued, I need a solution to migrate my ~30 extended ...
0
votes
0
answers
508
views
Softfail on forwarded emails sent through Yahoo mail - Is there a fix?
happy to be here.
Excuse me for the wall of text but I am trying to help a friend who wants to keep on using his Yahoo mail for sending emails from his business email address.
His mail server is on ...
0
votes
1
answer
2k
views
How can it be possible dkim fails whereas spf pass
I have set up a postfix which sends emails.
I have configure spf, dkim and dmarc (with p=none).
I have checked with mail-tester: spf and dkim work fine.
I have set up a dmarc rua in order to receive ...
3
votes
1
answer
2k
views
How is this email passing DMARC?
Today we received a spoofed email: it was sent to us "from us". (Assume we own foo.com -- real domain redacted.)
This is disturbing, as it shows as "from foo.com", yet the sender ...
0
votes
1
answer
598
views
How do I add individual mail-sending websites to my SPF record?
My company, which sends @example.co email from Google Workspace, HubSpot, and Salesforce, has the following SPF record in DNS:
v=spf1 include:_spf.google.com include:_spf.salesforce.com
include:...
0
votes
1
answer
566
views
Why am I failing SPF only in my Google DMARC report?
Curious as to why my Google DMARC is coming back with a fail under SPF. Here is the report:
<?xml version="1.0" encoding="UTF-8" ?>
<feedback>
<report_metadata>
...
2
votes
1
answer
2k
views
Why do I get DMARC aggregate reports with no reported failures (G Suite + Amazon SES)?
Domain: franzoni.eu
Such domain leverages G Suite (grandfathered free version) for receiving mail, but for various reasons (I prefer not to create users for M2M SMTP on G Suite, and I cannot use SMTP ...
6
votes
2
answers
4k
views
Why does spf fail in DMARC report from Google?
I recently received a DMARC report from Google alerting me of a few SPF failures with mail originating from IP addresses belonging to Amazon SES. A sample record is as follows (I have replaced our ...
1
vote
1
answer
195
views
Confused about SPF Records
I thought that ?all in SPF should not be used.
Then I examinated SPF records of some local email provider companies and I found this:
v=spf1 mx ip4:77.75.78.0/23 ip4:77.75.76.0/23 ip6:2a02:598::/32 ?...
0
votes
1
answer
488
views
SPF record with DMARC policy is not picking up the policy
We are now going through security verification, and we are using SecurityScorecard for it.
One of the issues that we are still trying to fight, is the SPF record.
The details of the error are as ...
6
votes
1
answer
4k
views
Mail from Teams forwarded to Gmail marked as spam due to DMARC failure
When I write a chat message in Microsoft Teams the receiver gets an e-mail notification on her Office 365 account ([email protected]) when she is offline in Teams. The receiver set it up so that all ...
1
vote
1
answer
311
views
DMARC failure for delivery report
I have a Docker-based mail server (Mailu) setup. It's working great except for delivery reports which are sent automatically (one of the user mailboxes is full and a "Quota exceeded" ...