0

I am trying to get the DKIM and SPF settings correct for a client who uses both GSuite and WordPress to send her emails.

I added this dmarc: v=DMARC1; p=none; rua=mailto:l***@******ney.com; fo=1; adkim=r; aspf=r;

(when I set the p to quarantine everything went to spam)

I added a google domain key v=DKIM1

And I added this spf that was supposed to be a catchall for google but doesn't seem to be working:

v=spf1 mx a include:_spf.google.com ~all

But the spf was still failing so I started adding ip addresses ... but it still fails.

Then this morning I got a report from google where the policy_evaluated failed for both DKIM and SPF ... but the auth_results PASSED for both.

I'm totally shooting in the dark here. Can someone please tell me what I'm doing wrong?

Yuriko
  • 941
  • 1
  • 6
  • 21
OM4U
  • 1
  • Does the domain in the section match the domain for the and / or domains in the section? The lists whether the tests passed *and* the domains are aligned with the header_from domain. – Reinto Aug 31 '22 at 16:15
  • No the dkim is fw-mail.com and the spf is x.fw-mail.com. What do I need to do? – OM4U Sep 02 '22 at 20:35
  • The server / system sending the emails is not using your domain to prove it is authorized to send on behalf of your email domain (in the `FROM` header). DKIM has a tag in its header `d=` which indicates for which domain it is signing. SPF domain is checked on the bounce / envelope address (Return-Path header). As long as neither of those is aligned with your `FROM` header domain, you will not pass DMARC. – Reinto Sep 04 '22 at 11:40
  • Ok so ... I selected google for my DKIM because that's who is sending the emails ... but I'm also using aweber for bulk emails and an email responder from inside wordpress. So how do I account for those differences? I think this is what is causing the problem. – OM4U Sep 06 '22 at 16:37
  • You need a DKIM public key published in DNS for each party sending on your behalf. Aweber has some documentation online how to configure a custom domain and the record you need to publish. I'm not sure about how to do that for you WP responder. DKIM records look like: `v=DKIM1; p=[PlatformPubKey]` and optionally `k=rsa`, published at `selectorname._domainkey.yourdomain.com` – Reinto Sep 16 '22 at 07:51

0 Answers0