Can't get DMARC records to stick

[Eclipsed830]

Hello-

I'm running the latest version of cPanel WHM on CENTOS 7.6, hosted on a DigitalOcean droplet and am having a hell of a time getting my DMARC setup. Pretty much all of my e-mails going to my gmail are getting sent to the spam folder.

So far I've gone to: DNS Functions -> Edit DNS Zone -> example.net

and have added the following as a new entry:

_dmarc | 14400 | IN | TXT | v=DMARC1; p=none; sp=quarantine; rua=mailto:[email protected]

However, after I hit Save and go back to check it simply shows up as:

"v=DMARC1"

and the rest of the string is missing. When I run a test from mail-tester.com, it shows the same:

Your message failed the DMARC verification

DMARC DNS entry found for the domain _dmarc.example.net:

"v=DMARC1"
Verification details:

mail-tester.com; dkim=pass (2048-bit key; unprotected) header.d=example.net [email protected] header.b=aNUe11UX; dkim-atps=neutral
mail-tester.com; dmarc=permerror header.from=example.net
mail-tester.com; dkim=pass (2048-bit key; unprotected) header.d=example.net [email protected] header.b=aNUe11UX; dkim-atps=neutral
From Domain: example.net
DKIM Domain: example.net

Any idea what's going on?

 

[keat63]

Here is a copy of my Dmarc, which I know works, as I get notifications daily.
Compare this against yours

v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:[email protected];ruf=mailto:[email protected]

As for your mails going to spam, maybe this is caused by your quaranitine portion.
You'll note how my DNS entry says 'none', so my mail will get delivered as expected, i've intentionally left it like this until I'm sure it's working fully.

I believe the protocols are

none = emails delivered as normal
quarantine = emails sent to junk folder
reject = emails are rejected

 

[Eclipsed830]

Thanks! I think I'm entering the correct DMARC sequence into cPanel, but for some reason it's just not pushing it through. I've waited 24 hours and it's still now showing up on any of the DNS tools.

For example, when I run whatsmydns.net the only txt entry propagating is my "v=spf1 +a +mx ".

 

[keat63]

Did you try to copy and paste mine.
I know for certain this works, just change the email address entries for your own.

I checked my TXT records on whatsmydns and get similar results to you, so maybe this is an inaccurate way of testing.

Try MXToolbox instead.
mxtoolbox.com/DMARC.aspx

 

[Eclipsed830]

Did you try to copy and paste mine.
I know for certain this works, just change the email address entries for your own.

I checked my TXT records on whatsmydns and get similar results to you, so maybe this is an inaccurate way of testing.

Try MXToolbox instead.
mxtoolbox.com/DMARC.aspx

Hi, I did copy and paste your exact code, just changed the e-mail address. I also discovered if I put everything in quotes, it will keep the entire txt entry.

Been 12 hours though, still nothing on MxToolBox.



Previously I've also tried _dmarc.domainname.com., also with no luck.

 

[cPanelLauren]

Why are there spaces in the dmarc record you're showing @Eclipsed830? Those backslashes shouldn't be there.

 

[Eclipsed830]

I just noticed that too...

When I enter the entire DMARC1 string in quotes like "DMARC1;p=none;sp=none;etc;etc;etc", cPanel seems to remove the quotes and adds the \'s automatically.

If I don't put the entire string in quotes, cPanel changes the string to this after I hit save, and check again:



I've also tried multiple strings, including from online generators and the one provided earlier in this thread with the same result.

 

[Eclipsed830]

Here is the exact string I am applying, exactly like this:

v=DMARC1;p=none;sp=none;adkim=r;aspf=r;pct=100;fo=0;rf=afrf;ri=86400;rua=mailto:[email protected];ruf=mailto:[email protected]

I am inserting this without quotes, hit save, get "Your settings have been updated."

And when I go back to check at: Edit DNS Zone -> Domain

It shows up as this:



If I add quotes surrounding the string, it keeps the string, but automatically inserts the backslashes like you see in the previous post.

 

[Eclipsed830]

Sorry for the triple post. Wish there was an easy way to combine them... but after some research I found a few other people having similar problems as me:

DKIM in cPanel how to remove Slashes
DNS Zone Syntax Escape Bug (Case 65177)

I followed the instructions from the first link, opened /var/named/domain.tld.db

Manually edited the database, adding the DMARC string in quotes - "string"

Reset the DNS Server through cPanel.

And now it seems to be working fine as long as I don't touch the cPanel Zone Editor. If I edit any of the other entries through the cPanel Zone Editor, it will automatically revert the DMARC entry back to the previous issues I was having (cutting the string or adding \). Hopefully this manual edit sticks and cPanel won't change it after a reset or sw upgrade! ha

Passing all the test on MX Tools.

Thanks again for those that helped!

 

[keat63]

I copied my DMARC string from a web engine somewhere, I didn't suffer any issues with back slashes.
What version of WHM are you on, maybe there's a bug ?
I'm currently on 76.0.20.

 

[Eclipsed830]

I copied my DMARC string from a web engine somewhere, I didn't suffer any issues with back slashes.
What version of WHM are you on, maybe there's a bug ?
I'm currently on 76.0.20.

I'm on a fresh copy of v78.0.21. Once the back-slashes were pointed out, I was able to find a few other people with the same issue. Seems pretty random, also some of the threads were pretty old.

 

[cPanelMichael]

Hello @Eclipsed830,

Do you mind opening a support ticket so we can take a closer look at your system and rule out any defects associated with the addition of a DMARC record from the cPanel UI? You can post the ticket number here and we'll link this thread to it.

Thank you.

 

[djbaxter]

Using WHM/cPanel v78.0.23

I am having exactly the same issue as Eclipsed830.

If I don't use quotes, the DMARC record doesn't stick after saving.

If I do use quotes, WHM removes the quotes and adds backslashes.

Is there a fix or workaround for this yet?

 

[djbaxter]

Actually, if I leave it alone with the backslashes, the DMARC record shows as valid at DMARC record Checker | DMARC record Tester - DMARC Analyzer

 

[cPanelMichael]

Hello,

While it's possible to manually add a TXT entry to an existing DNS zone using the command line or WHM >> Edit DNS Zone, it's important to note that using the Zone Editor feature in the cPanel UI is currently the recommended method for creating new DMARC records.

For instance, here's an example of a raw DMARC record as it appears in the domain's DNS zone after it's created through cPanel >> Zone Editor >> Add Record >> Add DMARC record:

_dmarc   14400   IN   TXT   v=DMARC1\;p=none\;sp=none\;adkim=r\;aspf=r\;pct=100\;fo=0\;rf=afrf\;ri=86400

I confirmed that manually adding the above record (with no changes to syntax) works properly when using WHM >> Edit DNS Zone. To see improved DMARC record management in cPanel & WHM, I recommend voting and adding feedback to any or all of the following feature requests:

Add DMARC to the Email Deliverability UI
DMARC installation global
DMARC installation script

Thank you.

 

[bluerayconcepts]

I can confirm this is also happening with me as well. Using the CPanel WHM Edit DNS is I put the text record in quotes and save it will remove the quotes and add slashes to the record.

I have to manually enter them into the .db file and update the serial.

This was happening about a month ago as well when I was updating some DKIM's and SPF's and was doing the same thing.

 

[cPanelMichael]

I can confirm this is also happening with me as well. Using the CPanel WHM Edit DNS is I put the text record in quotes and save it will remove the quotes and add slashes to the record.

Hello @bluerayconcepts,

Can you share an example TXT record that you are adding along with the cPanel & WHM version installed on your server?

Thank you.