
I'm scoring 9/10 on mail-tester.com. My -1 comes from this: "You do not have a DMARC record".

In my DNS (cPanel>"Advanced DNS Zone Editor") I have this DMARC record

_dmarc.mycooldomain.com.    14400   IN  TXT "v=DMARC1; p=none; sp=none; ruf=mailto:myaddy@gmail.com; rf=afrf; pct=100; ri=86400"

My domain is really the correct domain in the actual DMARC record, and myaddy@gmail.com is really the email for the cPanel/WHM account (a Gmail addy), not the sender domain in the SPF record (e.g. info@mycooldomain.com). Does that matter?

otalliance.org/resources/spf-dmarc-tools-record-validator returns green, which I presume is good.

So is the issue with mail-tester.com, or my DMARC record?

animuson
NotUncleBob

2 Answers

Obviously, mycooldomain is not really your domain, so it's hard to verify what you posted, but based on what you posted, your RUF field will cause it to fail DMARC. If you send an email to mailtest@unlocktheinbox.com, they have a really good DMARC tester, but unfortunately the DMARC results are not free. But I'm 100% sure that you're not following the standard on page 28 of the DMARC specification.

Which reads

For example, if a DMARC policy query for "blue.example.com" contained "rua=mailto:reports@red.example.net", the host extracted from the
latter ("red.example.net") does not match "blue.example.com", so this procedure is enacted. A TXT query for
"blue.example.com._report._dmarc.red.example.net" is issued. If a
single reply comes back containing a tag of "v=DMARC1", then the
relationship between the two is confirmed. Moreover,
"red.example.net" has the opportunity to override the report
destination requested by "blue.example.com" if needed.

Since you're using a Gmail account, there is no way you're going to convince them to add a record on your behalf. So you need to choose a different RUF email address. Most likely one like dmarc@Mycooldomain, then set up a forwarder to your Gmail account if that's where you want the reports to go.

Community
Henry
  • Great, thanks Henry, I wondered if that was it. BTW I am happy to message you with real details, I just prefer not to post real details that hang around for years when asking for help. – NotUncleBob Apr 21 '16 at 19:57
  • I should add for anyone else searching to this post, Gmail mail prefers you fetch from their end rather than forward to them. Just something that might help. A search of Gmail fetch should show you how to set that up, (Gmail>Settings>Accounts). – NotUncleBob Apr 21 '16 at 20:04
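
The external-destination check quoted in the answer above, as an added Python example that is not part of the original posts: it parses a DMARC record, finds `rua`/`ruf` addresses outside the policy domain, and builds the `<policy-domain>._report._dmarc.<destination-host>` name whose TXT record must contain `v=DMARC1`. The `lookup_txt` resolver hook, the stub zone and the exact-match-or-subdomain comparison are assumptions made for illustration (the specification compares Organizational Domains, which needs a public suffix list).

```python
# Added example (not from the original post): find rua/ruf destinations that
# need a "<policy-domain>._report._dmarc.<destination-host>" authorization record.

def parse_dmarc(record):
    """Split a DMARC TXT value into a {tag: value} dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags

def report_hosts(tags):
    """Yield (tag, host) for every mailto: URI listed in rua/ruf."""
    for tag in ("rua", "ruf"):
        for uri in tags.get(tag, "").split(","):
            uri = uri.strip()
            if uri.lower().startswith("mailto:") and "@" in uri:
                addr = uri[len("mailto:"):].split("!", 1)[0]  # drop "!10m" size suffix
                yield tag, addr.rsplit("@", 1)[1].lower().rstrip(".")

def is_external(policy_domain, host):
    # Simplification (assumption): exact match or subdomain counts as internal.
    return not (host == policy_domain or host.endswith("." + policy_domain))

def external_checks(policy_domain, record, lookup_txt):
    """lookup_txt(name) -> list of TXT strings; hypothetical resolver hook."""
    policy_domain = policy_domain.lower().rstrip(".")
    results = []
    for tag, host in report_hosts(parse_dmarc(record)):
        if not is_external(policy_domain, host):
            continue
        query = f"{policy_domain}._report._dmarc.{host}"
        ok = any(txt.strip().startswith("v=DMARC1") for txt in lookup_txt(query))
        results.append({"tag": tag, "host": host, "query": query, "authorized": ok})
    return results

# Constructed sample data: the record from the question and a stub DNS zone.
QUESTION_RECORD = ("v=DMARC1; p=none; sp=none; ruf=mailto:myaddy@gmail.com; "
                   "rf=afrf; pct=100; ri=86400")
STUB_ZONE = {"blue.example.com._report._dmarc.red.example.net": ["v=DMARC1"]}

def stub_lookup(name):
    return STUB_ZONE.get(name, [])

if __name__ == "__main__":
    for row in external_checks("mycooldomain.com", QUESTION_RECORD, stub_lookup):
        print(row)
```

To run it against live DNS, pass a `lookup_txt` function backed by a real resolver in place of `stub_lookup`.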

DNS changes are not available instantly. It can take hours until a new record is visible to other servers. The DMARC entry you have posted seems to be valid except for the "ruf=" email address. Here you must provide an email address assigned to your own domain.

Fix, wait and try again.