We are now going through security verification, and we are using SecurityScorecard for it. One of the issues that we are still trying to fight, is the SPF record.
The details of the error are as follows:
SPF softfail record without DMARC policy detected.
Now, I could, of course, set it to HardFail
, but I wanted to have the policy to quarantine first. But it seems to not work.
Here are the two record that I currently have:
v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:dmarc@mailinblue.com!10m; ruf=mailto:dmarc@mailinblue.com!10m; rf=afrf; pct=100; ri=86400
v=spf1 include:servers.mcsv.net include:spf.sendinblue.com mx include:_spf.google.com ~all
I was under the assumption that the DMARC record is the one setting the policy. What am I doing wrong here?