Questions tagged [dmarc]

Question 1

My domain has a valid DKIM record, DMARC record, and SPF record. My DMARC record has p=none. Looking at headers of emails sent to gmail, I see ARC-Authentication-Results showing dkim=pass, spf=pass, ...

Question 2

We have a few domains, which are not expected to send emails, therefore I would like to know if there is a way to effectively forbid those domains to send emails to prevent spoofing my company various ...

Question 3

I host an iredmail email server: mydomain.one It serves emails for domains mydomain.com, otherdomain.org, thirddomain.com, fourthdomain.org. The PTR record resolves to mydomain.one. This is strictly a ...

Question 4

I'm debugging DMARC failures on a chain of emails sent by Google to a Google account, forwarded to a Hotmail account, and then forwarded again to a private mail server under my control. The DMARC ...

Question 5

We are using Microsoft 365 Exchange Online to send email from our domain techoffice.ca. Over the last several days, emails to Gmail users are being rejected with the following bounce message: 550-5.7....

Question 6

How do I prevent this message: "Be careful with this message. The sender hasn't authenticated this message so Gmail can't verify ..." I have set up the following DNS TXT records: Name = @ ...

Question 7

I manage multiple domains (through ovh.com) including an internationalized domain (IDN), let's call it ïdn.com. The DNS records of these domains are relatively simple/minimal. They are all configured ...

Question 8

Hopefully someone can clear up my DMARC report confusion. Today, I got a DMARC report from Zoho. I use Zoho for my incoming email but a different SMTP service and I assumed that this means that I sent ...

Question 9

We have implemented DMARC (Domain-based Message Authentication, Reporting, and Conformance) with a "p=reject" policy to enhance email security and prevent spoofing for our business domain. ...

Question 10

I've set up a domain for a friend (maple-tree.co.uk). He wants to be able to send and receive email at this domain, and it seems to be working, mostly, but not fully. Some mail servers (BTInternet in ...

Question 11

I am trying to troubleshoot a DNS (DMARC DKIM) issue and am stuck. My gut tells me that its a DNS issue where DKIM is not resolving correctly. But I don't understand how or why? So, we use a 3rd party ...

Question 12

https://pastebin.com/raw/yEhGGkSA I sent this email using [email protected] as FROM adress with zoho mail. SPF: "v=spf1 include:spf.mailjet.com include:_spf.google.com include:sender.zohoinvoice....

Question 13

So I think I know the basics of SPF, DKIM, DMARC, and I understand why we can't spoof email addresses like it's 1998. But how does phishing like this, still exist in 2024: It's extremely rare that I ...

Question 14

My DMARC record looks like: "v=DMARC1; p=reject; rua=mailto:[email protected]; ruf=mailto:[email protected]; fo=1; adkim=s; aspf=s;" I set it up 4 years ago. But I am yet to receive a ...

Question 15

I have searched and searched and searched on the net and I can't find a solution to debug this definitive SMTP installation. So, I'd like you to help me please. 1. First of all, I have a problem where ...

Question 16

I have a domain that is not being used to send email, and so I was planning to just set the DMARC policy to "p=reject", remove everything from the SPF record, etc, to encourage recipients to ...

Question 17

I have a daily report sent through AWS SES to an Outlook mailbox on workdays. For some reason outlook marked yesterday's and Friday's emails as 'Unverified sender'. Today's email wasn't marked as '...

Question 18

We have an issue with (not)receiving email from one particular external sender that we can't figure out. An email gets sent from this sender to three types of emails. A single user email, a shared ...

Question 19

While investigating DMARC reports I realised I do not really understand some aspects of email. I am trying to make sure I have concepts related to SPF and DMARC correct. If an eMail message passes ...

Question 20

I have run into a bit of an issue when attempting to set up a mail system where the parent domain, example.com, already has A records and a web server as well as many clients utilizing the parent ...

Question 21

I can't seem to satisfy HELO checks on SPF records in all cases. I have an SPF record for my domain like this: "v=spf1 mx -all" The MX records in the zone are: mx0.mydomain.org.uk. ...

Question 22

I have one SendGrid account [email protected], I have been using it to send transactional emails from [email protected]. When I check the account [email protected], I realized that ...

Question 23

I use several different services to send out emails from my domain. I already have a CNAME record for _dmarc.mydomain.com that's set to mydomain.com.dmarc.emldlv.net for one service, however, another ...

Question 24

I recently helped a friend implement DMARC/DKIM/SPF and got a report that makes no sense to me. Their domain is hosted on SquareSpace, they use Google Apps for email, and Mailchimp for mailing lists. ...

Question 25

I am looking for some help understanding a DMARC report for my email server. The xml content looks like the following: <?xml version="1.0" encoding="UTF-8" ?> <feedback>...

Question 26

I'm using Procmail to forward mails to another server. I'm often getting an error message from the recipient server: host smtp-in.orange.fr[80.12.26.32] said: 501 5.2.0 y8XgrepnBNXb2 Mail rejete. ...

Question 27

I've been toying with dmarc off and on for the last couple of months. Currently I have no policy set. I am using URIReports for report collection and analysis. Most of the results are good. We use ...

Question 28

My domain configuration has one domain and three subdomains, one of which is identical to the mail server's hostname: example.com sales.example.com internal.example.com mail.example.com I initially ...

Question 29

I have the following DNS configuration: $ dig +noall +answer -t txt example.com example.com. 626 IN TXT "v=spf1 +a +mx include:sendgrid.net include:_spf.google.com -all" $ dig +noall +...

Question 30

Alright, to keep this simple: I have a project that is using AWS's SES to send transactional emails. The project is hosted on one site (let's call it example-site.com), but for reasons, the From: is ...

Question 31

I've seen (and think I understand) when DMARC checks fail on SPF because, e.g. the email has been forwarded and such like. But I don't think this is the case here. All checks on sites like MXtoolbox ...

Question 32

I received an email from a company that looked fine. Gmail deemed it ok. I checked the domain and the various DMARC, DKIM and SPF headers: they are all in "PASS" status. The sender's IP also ...

Question 33

When sending mails through our Exchange 365 service those mails get through successfully, but if we look at the mail headers we see that where the sender and recipient are in our tenant the mail's ...

Question 34

I have a successful and working 365 install (it's just family, but we're an Enterprise tenant because we have multiple domains.) Everything is working fine and I've recently been reviewing and ...

Question 35

I'm trying to maximize my company's email deliverability and DMARC reports tell me we are failing DMARC SPF alignment with calendar-server.bounces.google.com which I suspect is the email server ...

Question 36

We're using Microsoft 365 (outlook.office.com) for our company emails and have had DKIM set up for a while, but recently added a DMARC record. I now got a DMARC report from Google where every record ...

Question 37

Yahoo and Google are now requiring DMARC according to Shopify. I have been setting them up for my clients, but I don't need the aggregate reporting. I only need it so that these companies can verify ...

Question 38

I have just received notice from one of our partners that some of our emails sent via AWS SES are being flagged by their email provider as potential spoof DMARC. We used route 53 to add all our DNS ...

Question 39

At the moment, our Postfix + Dovecot mail system has two types of users: those with a full account and those with only a forwarder. Users with a full account are in the virtual_aliases table pointing ...

Question 40

DMARC is reporting that a small fraction of our emails originate from google, microsoft, and some other providers. DMARC is also reporting that a good chunk of those emails fail both SPF and DKIM, and ...

Question 41

I have a server running Sendmail and is able to email to all domains except my company's email (company1.com). I have tested to sending to gmail and other email providers with no issues. Sendmail is ...

Question 42

I have a domain (example.com) configured for sending and receiving mail using Google Workspace. I need to launch additionally a separate (own) mail server. Switching completely to the new server is ...

Question 43

I configured a mail server a couple of times before and I believe back then I thought that the answer is "yes." But I'm about to configure another one, and it seems that I was wrong. Let's ...

Question 44

I have been testing my DMARC policy for some weeks and I ran into this issue. Background: SPF - setup and working DKIM - set up and working (AFIK) DMARC - set up and working - looking for alignments ...

Question 45

I have an issue where email is being marked as spam by Gmail/Google Apps systems. When reading the mail headers, the most recent SPF check in the mail chain passes, but earlier checks fail. That is, ...

Question 46

We are seeing a large number of DMARC rejects from google from emails that have both a valid DKIM signature and a valid SPF sender. We have validated this by sending the same emails to other ISPs and ...

Question 47

I started to run a self-hosted mail server which I want to be reachable via a subdomain only. I have an A record for mail.sub.domain.tld and an MX record for sub.domain.tld /edit: which points to mail....

Question 48

I'm trying to get DMARC working for the emails I send via Office 365 as well as Amazon SES. It's working for Office 365 because I setup the SPF and DKIM records in my DNS but it's failing for the ...

Question 49

I'm interested in moving from ~all to -all in my SPF record in order to lock down my domain emails a bit more, but I want to know what the impacts might be (I do understand at ~ is SOFTFAIL and - is ...

Question 50

I run a virtual mail server that forwards emails to my domain to a Gmail address, and I use PostSRSd to rewrite the addresses. For example, if someone sends an email to [email protected], my mail ...