Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

DMARC Question

Discussion in 'E-mail Discussion' started by keat63, Apr 2, 2019.

  1. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,209
    Likes Received:
    77
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I finally decided to apply DMARC yesterday, currently configured as 'none'

    This morning I recieved 4 emails from Yahoo.

    Code:
    <?xml version="1.0"?> 
    <feedback> 
      <report_metadata> 
        <org_name>Yahoo! Inc.</org_name> 
        <email>postmaster@dmarc.yahoo.com</email> 
        <report_id>1554166736.823249</report_id> 
        <date_range> 
          <begin>1554076800</begin> 
          <end>1554163199 </end> 
        </date_range> 
      </report_metadata> 
      <policy_published> 
        <domain>domain.co.uk</domain> 
        <adkim>r</adkim> 
        <aspf>r</aspf> 
        <p>none</p> 
        <pct>100</pct> 
      </policy_published> 
      <record> 
        <row> 
          <source_ip>xxx.xxx.xxx.xxx</source_ip> 
          <count>2</count> 
          <policy_evaluated> 
            <disposition>none</disposition> 
            <dkim>pass</dkim> 
            <spf>pass</spf> 
          </policy_evaluated> 
        </row> 
        <identifiers> 
          <header_from>domain.co.uk</header_from> 
        </identifiers> 
        <auth_results> 
          <dkim> 
            <domain>domain.co.uk</domain> 
            <result>pass</result> 
          </dkim> 
          <spf> 
            <domain>domain.co.uk</domain> 
            <result>pass</result> 
          </spf> 
        </auth_results> 
      </record> 
    </feedback> 
    
    
    I assume that these are notifications that emails sent (by staff members) got to the intended recipient ?
    Am I going to keep getting these ?
    Have I just opened a can of worms and created myself more work.
     
    #1 keat63, Apr 2, 2019
    Last edited: Apr 2, 2019
  2. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,209
    Likes Received:
    77
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    Jean Boudreau likes this.
  3. Jean Boudreau

    Jean Boudreau Member

    Joined:
    Mar 31, 2017
    Messages:
    16
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Caraquet, NB, Canada
    cPanel Access Level:
    Root Administrator
    I had DMARC enable for a few months on a domain. Just like you it was setup with 'none'. Never received emails from Yahoo like you have received. Is it still ongoing?

    I've used dmarcian also to test my DMARC and had no errors. Thanks for sharing the link.
     
  4. cPanelLauren

    cPanelLauren Forums Analyst II Staff Member

    Joined:
    Nov 14, 2017
    Messages:
    5,815
    Likes Received:
    443
    Trophy Points:
    233
    Location:
    Houston
    cPanel Access Level:
    DataCenter Provider
    The explanation of what DMARC does here: Overview – dmarc.org should be helpful.

    In this case, the report you're receiving is the report and is normal based on the record you have in place I'd assume. What is the DMARC record you have (removing any identifying information of course)
     
    Stop hovering to collapse... Click to collapse... Hover to expand... Click to expand...
  5. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,209
    Likes Received:
    77
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I had 4 emails yesterday, from yahoo, Sky, BT and AOL.

    Same again this morning, all arrived at the same time, all the exact same format and file naming convention, so I'm assuming all utilise Yahoo.
    Of the ones I interrogated yesterday, they all went along the same lines as the attached image.
    Nothing that I can see to indicate any failures
     

    Attached Files:

  6. Jean Boudreau

    Jean Boudreau Member

    Joined:
    Mar 31, 2017
    Messages:
    16
    Likes Received:
    4
    Trophy Points:
    3
    Location:
    Caraquet, NB, Canada
    cPanel Access Level:
    Root Administrator
    Hello,

    You would received those reports(fo=1) daily(ri=3600) if you use the "rua" in your dmarc.

    Here's mine and I do received daily XML from Google and the important part is that it shoud "Pass" all test:

    • rua description: List of URIs for receivers to send XML feedback to. URIs are required to be added in the format of 'mailto:address@example.com'.
    • fo description: Forensic reporting options. The value of this tag is a colon-separated list of characters. Possible values: (0) to generate reports if all underlying authentication mechanisms fail to produce a DMARC pass result, (1) to generate reports if any mechanisms fail, (d) to generate report if DKIM signature failed to verify, (s) if SPF failed. If no ruf tag is specified, this tag will be ignored.
    • ri description: The reporting interval for how often you'd like to receive aggregate XML reports. You'll likely receive reports once a day regardless of this setting.
    I received daily report because I have a mechanisms that is failing: DMARC Policy Not Enabled which is "p=none". That's why I will received a daily email until I change "ri" or fix the policy(p=none).

    You can use Network Tools: DNS,IP,Email to check you domain and select DMARC lookup in the dropdown list.
     
    #6 Jean Boudreau, Apr 4, 2019
    Last edited: Apr 5, 2019
    cPanelLauren likes this.
  7. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,209
    Likes Received:
    77
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    I intend to switch to quarantine when i'm happy that DMARC is not causing any issues.
    I may have to look at moving the RUA to a different email address though, as i'm getting about 10 per day.
     
    cPanelLauren likes this.
  8. keat63

    keat63 Well-Known Member

    Joined:
    Nov 20, 2014
    Messages:
    1,209
    Likes Received:
    77
    Trophy Points:
    28
    cPanel Access Level:
    Root Administrator
    On thursday I sent a large number of news letter emails to our customers, I use mailchimp for this.
    Maichimp requires a valid email address to receive bounces, unsubscriptions etc, so I use one on our domain.

    Over the weekend, I received a few hundred DMARK reports, far too many to even consider worrying about or trying to decipher.

    In hindsight, it's quite obvious what happened, becuase mailchimp was using a return address of my domain, these probably all failed DMARK.
    Heaven knows if this had any bearing on the delievery of emails.

    My Dmark is currently using the 'none' protocol.
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice