We are now going through security verification, and we are using SecurityScorecard for it. One of the issues that we are still trying to fight is the SPF record.

The details of the error are as follows:

SPF softfail record without DMARC policy detected.

Now, I could, of course, set it to HardFail, but I wanted to have the policy to quarantine first. But it seems to not work.

Here are the two records that I currently have:

v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:dmarc@mailinblue.com!10m; ruf=mailto:dmarc@mailinblue.com!10m; rf=afrf; pct=100; ri=86400

v=spf1 include:servers.mcsv.net include:spf.sendinblue.com mx include:_spf.google.com ~all

I was under the assumption that the DMARC record is the one setting the policy. What am I doing wrong here?

1 Answer

> I was under the assumption that the DMARC record is the one setting the policy. What am I doing wrong here?

The DMARC policy is effective if the recipient is capable of DMARC. Otherwise, if the recipient is only validating SPF, the SPF action is effective.

But in addition, SecurityScorecard may on top set higher requirements for consistency, even if it is not required by the DMARC/SPF standards.

Has the DMARC record been validated to be effective (i.e. correctly configured)?

sebix
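
As an added example (not code from the question or the answer), the sketch below parses the two records quoted in the question, checks the DMARC tags against the RFC 7489 syntax, and reports which policy a DMARC-aware receiver and an SPF-only receiver would each act on. The function names are made up for this illustration, and it checks record syntax only; it does not query DNS.

```python
import re

# Records copied from the question above.
DMARC_TXT = ("v=DMARC1; p=quarantine; sp=quarantine; rua=mailto:dmarc@mailinblue.com!10m; "
             "ruf=mailto:dmarc@mailinblue.com!10m; rf=afrf; pct=100; ri=86400")
SPF_TXT = "v=spf1 include:servers.mcsv.net include:spf.sendinblue.com mx include:_spf.google.com ~all"

POLICIES = {"none", "quarantine", "reject"}  # allowed p=/sp= values (RFC 7489)
URI_RE = re.compile(r"^mailto:[^\s,!]+@[^\s,!]+(![0-9]+[kmgt]?)?$", re.I)
SPF_RESULT = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_dmarc(txt):
    """Return (tags, problems) for one DMARC TXT record string."""
    tags, problems = {}, []
    for i, pair in enumerate(p.strip() for p in txt.split(";") if p.strip()):
        name, sep, value = pair.partition("=")
        name, value = name.strip().lower(), value.strip()
        if not sep:
            problems.append(f"malformed tag: {pair!r}")
            continue
        if i == 0 and (name, value) != ("v", "DMARC1"):
            problems.append("record must start with v=DMARC1")
        tags[name] = value
    for key, default in (("p", ""), ("sp", "none")):  # p is required, sp optional
        if tags.get(key, default).lower() not in POLICIES:
            problems.append(f"missing or invalid {key}=")
    pct = tags.get("pct", "100")
    if not (pct.isdigit() and int(pct) <= 100):
        problems.append(f"invalid pct={pct}")
    for key in ("rua", "ruf"):
        for uri in (u.strip() for u in tags.get(key, "").split(",") if u.strip()):
            if not URI_RE.match(uri):
                problems.append(f"invalid {key} URI: {uri}")
    return tags, problems


def spf_all_result(txt):
    """Result the 'all' mechanism assigns to senders no earlier term matched."""
    m = re.fullmatch(r"v=spf1(?:\s+\S+)*?\s+([+\-~?]?)all(?:\s+\S+)*", txt.strip(), re.I)
    return SPF_RESULT[m.group(1) or "+"] if m else None


def effective_policy(dmarc_txt, spf_txt):
    """Policy per receiver type; any DMARC syntax problem counts as no policy (simplified)."""
    tags, problems = parse_dmarc(dmarc_txt)
    dmarc = None if problems else tags["p"].lower()
    return {"dmarc_receiver": dmarc, "spf_only_receiver": spf_all_result(spf_txt),
            "problems": problems}
```

For the records in the question this reports `quarantine` for a DMARC-aware receiver and `softfail` for an SPF-only one, with no syntax problems found.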