Domain-based Message Authentication, Reporting, and Conformance (DMARC) is a mechanism by which the owner of a domain uses specially formed DNS records to express domain-level policies and preferences for email validation, disposition, and reporting.
Questions tagged [dmarc]
205 questions
1
vote
1 answer
Where ARC public key is stored?
Where ARC public key is stored? For DKIM it is [selector]._domainkey.example.org. But for ARC? Is it the same as DKIM and holds in TXT query for domain mentioned above?
Thank you.
![](../../users/profiles/320840.webp)
Javier Hernández
- 33
- 1
- 4
1
vote
1 answer
DMARC and RFC2298 compliant MDNs with a null MailFrom... Can it work?
This is an issue we're seeing with Exchange Online but it would be an issue with most hosted email I suspect. When Office 365 / Exchange Online sends an automatic reply (Out of Office for example) it adheres to RFC 2298 and the RFC5321.MailFrom is…
![](../../users/profiles/435203.webp)
omniomi
- 123
- 8
1
vote
1 answer
DKIM for "From" domain or MX domain?
My server is handling mail for several virtual users and domains. The SPF records of the domains state that only the MX server is allowed to send mail (v=spf1 mx -all) and this MX server is a generic domain, so example.org and example.com have…
user178826
1
vote
1 answer
What does a failed SPF record tell me from a DMARC Aggregate report?
I have been trying to find a straightforward answer to this, but I have been having no luck. I also tried asking on the security focused Stackexchange site, but had no luck there is well. I am hoping someone here might have some insight.
I am…
![](../../users/profiles/403543.webp)
Dave
- 11
- 1
1
vote
1 answer
Should I use DKIM, SPF and DMARC on domains used only for alias/redirection inbound email?
I have a bunch of domains, let's say:
example.org
example.com
example.net
example.be
My mail server is running on mail.example.net. I only use the domain example.com to send and receive emails. All the other domains are only used to receive emails…
![](../../users/profiles/295683.webp)
wget
- 285
- 2
- 7
1
vote
1 answer
Interpreting DMARC report
I have DKIM and SPF configured for my SMTP server, and recently set
the policies to strict/reject. I received the report shown below from
Google. Ths source IP is not my SMTP server.
I read this as Google checking DKIM and SPF, with both failing,…
![](../../users/profiles/22361.webp)
Ex Umbris
- 804
- 7
- 24
1
vote
1 answer
Can I use DMARC if SPF fails
I'm trying to enable DMARC.
The problem that I see is that since I use 3rd party companies for marketing emails, DMARC SPF fails for those emails because they put email from their own domain into return path (i.e. bounce email address).
This is…
![](../../users/profiles/250761.webp)
Roman_T
- 333
- 1
- 4
- 14
1
vote
1 answer
message headers say dkim = fail, stats say = PASSED. why the conflict, and how to fix?
In some-not-all received emails -- notably ONLY those sent via 'bulk' services -- I get a DKIM fail: "signature verification failed". Here's one example:
Received message headers
DKIM-Filter: OpenDKIM Filter v2.10.3 mail.example.com…
![](../../users/profiles/363872.webp)
Jason
- 11
- 1
- 3
1
vote
1 answer
Email abuse reports for outbound.protection.outlook.com
I've recently set up a DMARC record for my domain and now I'm receiving email abuse reports from hotmail.com that state:
This is an email abuse report for an email message received from IP 104.47.126.207 on Sun, 14 Feb 2016 07:20:43 -0800.
The…
![](../../users/profiles/180270.webp)
CamaroSS
- 243
- 1
- 3
- 9
1
vote
1 answer
Two different dkim result records in DMARC report from google
I get DMARC report from google, and the dkim check appears twice, one with pass, the other with fail status. This same report includes another record from the same IP with all pass status. Any idea what would cause this, or what should I fix?
Here…
![](../../users/profiles/6743.webp)
yhager
- 133
- 5
1
vote
2 answers
Is DMARC helpful to me if I don't need reporting?
I have SPF and DKIM setup and working for the email domain I administer. The next recommended step is to setup DMARC since SPF and DKIM are both in place.
What are the benefits of using DMARC if both SPF and DKIM are already functioning as expected?
![](../../users/profiles/52664.webp)
poke
- 1,079
- 4
- 11
- 21
1
vote
1 answer
SPF failure with gmail
I'm trying to properly set up DKIM, SPF, and DMARC so emails sent from my server are less likely to be seen as spam. I got my first DMARC report and I'm little confused by this part:
…
![](../../users/profiles/135404.webp)
Tim Tisdall
- 623
- 1
- 5
- 17
1
vote
1 answer
What is wrong in my DKIM setup? I'm getting all fails
I own a domain name
I have implemented SPF and DKIM to avoid my mails being junked. I have also upgraded to DMARC in monitor mode.
Since I received a few failure reports recently I wanted to investigate more. I have only one server sending outbound…
![](../../users/profiles/64579.webp)
usr-local-ΕΨΗΕΛΩΝ
- 2,339
- 7
- 33
- 50
1
vote
3 answers
SPF FAIL but DKIM PASS with my own domain
I do not understand the fail results in the following google DMARC report to our domain.
I understand that the SPF fails because the IP address is not ours but if so, how come DKIM passes?
google.com
…
![](../../users/profiles/980984.webp)
Kevin Roma
- 11
- 2
1
vote
1 answer
DMARC reports - fail then pass, and "softfail"
Here are two records from reports, with the actual domain name of my client replaced with "example.com". In the first one, SPF is marked "fail" above under "policy_evaluated" and then "pass" below under auth_results. I find this confusing. This is…
![](../../users/profiles/17272.webp)
Devin Ceartas
- 1,458
- 9
- 12