2

I'm trying to set up DKIM, SPF and DMARC on my mail server. Although DKIM and SPF work fine (as reported by auth-results@verifier.port25.com), I can't seem to get DMARC to work.
Both mxtoolbox.com and dmarcian.com report "No DMARC record found".

My DNS record is:

Type: TXT
Domain: _dmarc.domain.com
Value: v=DMARC1; p=none; pct=100; rua=mailto:mail@domain.com
TTL: 5min

Both OpenDKIM and OpenDMARC on the mail server are up and running:

sudo netstat -tulpn | grep -e opendkim -e opendmarc
tcp        0      0 127.0.0.1:8891          0.0.0.0:*               LISTEN      8151/opendkim
tcp        0      0 127.0.0.1:8893          0.0.0.0:*               LISTEN      8168/opendmarc

cat /etc/postfix/main.cf | grep -e 8891 -e 8893         
non_smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893
smtpd_milters = inet:127.0.0.1:8891, inet:127.0.0.1:8893

I would appreciate any suggestions

Wolfgang
  • Check the SOA record for your domain to see how long negative caching might be. Until it expires some DNS servers won't re-query. See: https://serverfault.com/questions/426807/how-long-does-negative-dns-caching-typically-last – Brian Apr 19 '18 at 13:52
  • If you gave the names involved maybe someone could help you... – Patrick Mevzek Apr 19 '18 at 23:59

3 Answers

3

Namecheap's "How do I add TXT/SPF/DKIM/DMARC records for my domain?" indeed has a problem in all of its examples, but the real reason is the missing trailing . for root.

example.com   TXT     v=spf1 a ~all
selector1._domainkey.example.com TXT
_dmarc.example.com   TXT

That's why they don't work globally, while this form might work in their own web configuration tool. In BIND for instance the records that aren't FQDN with the . are completed with the $ORIGIN example.com., making these examples:

example.com.example.com. TXT
selector1._domainkey.example.com.example.com. TXT
_dmarc.example.com.example.com. TXT

Both _dmarc and _dmarc.example.com. would work, but the short form only if the $ORIGIN example.com. was set, too.

Esa Jokinen
  • Both `_dmarc.example.com.` and `_dmarc.example.com` didn't work for me. Changing it to `_dmarc` did the trick. – Wolfgang Apr 22 '18 at 10:20
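
The name expansion discussed in the answer and comment above, as an added example that is not part of the original posts or of any provider's code. The function names, the `always_append` switch (an assumed model of a control panel that appends the zone name to whatever is typed) and the `example.com` inputs are constructed for illustration.

```python
def expand_owner(host_field, origin, always_append=False):
    """Return the FQDN a host field ends up as inside the zone.

    BIND-style master file rule: "@" is the origin, a name ending in "."
    is absolute, anything else gets $ORIGIN appended.
    always_append=True is an assumption modelling a web panel that
    appends the zone name even to a name that ends in ".".
    """
    origin = origin.rstrip(".").lower() + "."
    host = host_field.strip().lower()
    if host in ("", "@"):
        return origin
    if host.endswith(".") and not always_append:
        return host
    return host.rstrip(".") + "." + origin


def diagnose_dmarc(host_field, origin, always_append=False):
    """Compare the published owner name with the one receivers query."""
    fq_origin = origin.rstrip(".").lower() + "."
    wanted = "_dmarc." + fq_origin  # receivers look up _dmarc.<domain>
    published = expand_owner(host_field, origin, always_append)
    return {
        "published": published,
        "wanted": wanted,
        "ok": published == wanted,
        # True when the zone name was typed in and then appended again.
        "doubled_origin": published.endswith("." + fq_origin + fq_origin),
    }


if __name__ == "__main__":
    # Constructed inputs: the three host-field spellings from the thread.
    for panel in (False, True):
        print("panel appends origin unconditionally:", panel)
        for field in ("_dmarc", "_dmarc.example.com", "_dmarc.example.com."):
            result = diagnose_dmarc(field, "example.com", always_append=panel)
            print(f"  {field!r:24} -> {result['published']:34} ok={result['ok']}")
```

Querying the TXT record at the `published` name, for instance with `dig`, confirms where the record actually landed.
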
1

I found a solution.

Turns out the Namecheap Knowledge Base is wrong and the DMARC record needs to be _dmarc and not _dmarc.domain.com

Wolfgang
0

One should use a free online DMARC record checker to check the existence and validity of a DMARC record on the domain in question. This issue occurs often because either there is no DMARC record found, or the DMARC record is set on an incorrect host.

Learn more with this post: How to fix No DMARC Record Found

lgc_ustc