Disable DMARC for inbound mail

Question

I have in-house SMTP server with SPF, DMARC and DKIM configured for my domain. For inbound mail I use 3d party service.

MX is included into SPF record

v=spf1 a mx include: _spf.mailprovider.com include:spf.mail.example.com ~all

DMARC is configured to reject all unverified senders

v=DMARC1;p=reject;rua=mailto:rua@example.com;ruf=mailto:ruf@example.com;pct=100;

My problem is, I started to recieve 2-3x less incoming mail after I configured DMARC record. Is it possible it blocks inbound mail? I thought it's only for outbound mail control.

If so, can I configure DMARC to be used only for outbound authenticity check? I don’t want to limit incoming messages, even spam.

Answer 1

DMARC settings for your own domain have no effect on messages sent to your domain.

Your inbound mail service should be checking SPF and DMARC records for everyone that sends you mail, but the settings for your own domain have no effect on that.

The only reason I can see for your inbound messages reducing is if the SPF and DMARC settings result in you blocking legitimate sources of email for you own domain - in which case, track them down and add them to your SPF.

You should be able to turn off DMARC checks for your inbound mail separately from your own domain's settings, but I don't recommend doing so because it negates the point of using SPF and DMARC in the first place.

The other thing to try is to disable p=reject and set p=none; that way your own domains won't be subject to DMARC enforcement elsewhere, but you will be able to see if it solves your inbound problem without disabling DMARC altogether.