Gmail DMARC Policy Issue

Bashed · Jul 6, 2018

My domain has

DMARC

SPF

DKIM

rDNS

Clean RBL

I still get these from various Gmail using recipients below. Please help me to fix this issue once and for all.
Code:
<info@webrobots.io>: host aspmx.l.google.com[173.194.76.26] said: 550-5.7.1
    Unauthenticated email from domain.com is not accepted due to 550-5.7.1
    domain's DMARC policy. Please contact the administrator of 550-5.7.1
    domain.com domain if this was a legitimate mail. Please visit 550-5.7.1
    https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.1
    DMARC initiative. b4-v6si7598406wru.376 - gsmtp (in reply to end of DATA
    command)
I did a test on Newsletters spam test by mail-tester.com too. 10/10 score.

cPanelLauren · Jul 6, 2018

This indicates that the mail is failing due to your DMARC policy. The following threads may be of assistance:
Setup dmarc over whm
Google DMARC

Bashed · Jul 6, 2018

My first post stated clearly I have DMARC enabled.

Even a cPanel tech told me in a ticket the following...

When I created a test email account, cptest@domain.com, and sent a test message from it to our test Gmail account, cpanelnoreply@gmail.com, I found that the message was delivered, but was redirected to the Spam folder. I am uncertain as to why this occurred, as your server appears to be correctly configured to send mail from the domain, and as the headers of the message indicate that it passed the SPF, DKIM, and DMARC tests:

ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@domain.com header.s=default header.b=A8undSru;
spf=pass (google.com: domain of cptest@domain.com designates xxx.xxx.34.4 as permitted sender) smtp.mailfrom=cptest@domain.com;
dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=domain.com

Authentication-Results: mx.google.com;
dkim=pass header.i=@domain.com header.s=default header.b=A8undSru;
spf=pass (google.com: domain of cptest@domain.com designates xxx.xxx.34.4 as permitted sender) smtp.mailfrom=cptest@domain.com;
dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=domain.com
Click to expand...

cPanelLauren · Jul 6, 2018

I didn't indicate that you did not have DMARC enabled, in fact based on the error from Gmail it looks like it is enabled and is being rejected due to an issue with your DMARC record. Based on that portion of the response from the ticket it looks like we were unable to identify why the email was being passed to spam, it looks to be a different issue since in that case your DMARC passed per the header information.

In the instance you're referencing above it looks like Gmail is telling you they're rejecting the mail based on the DMARC policy in place:
Code:
Unauthenticated email from domain.com is not accepted due to domain's DMARC policy. Please contact the administrator of domain.com if this was a legitimate mail.
I sent you the threads I did to ensure that you've got your DMARC configured properly as I am unable to see it in the forums. If you are experiencing issues with Gmail only on this I would suggest you contact Gmail directly to troubleshoot further Postmaster Tools – Google as we are not aware of their methods for determining what is and isn't accepted/rejected and especially as you've tested using mail-tester and your score was 10/10

Thanks!

rpvw · Jul 6, 2018

Set your DMARC Mail Receiver Policy to "None" (p=none)
Add both the rua and ruf tags pointing at a working email address on the same domain as the DMARC record is for (rua=mailto:domain@example.com and ruf=mailto:domain@example.com)
Set the reporting level to 100% and the fo tag to 1 (fo=1)

After publishing the record, you will start to get both forensic and aggregate reports by email about how hosts are interpreting the DMARC record, but they will NOT block mail based on any issues they find.

Only after you see that all the DMARC components are passing the Mail Receiver Policy, should you elect to change the p= to either quarantine or reject

Your record during the testing process should look something like :
Code:
v=DMARC1; p=none; fo=1; rua=mailto:domain@example.com; ruf=mailto:domain@example.com; rf=afrf; pct=100
Change the domain@example.com to working email address on the same domain as the DMARC record is for.

Finally, you can test your DMARC record at DMARC Tools - Domain Message Authentication Reporting & Conformance Lookup - MxToolBox

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

Gmail DMARC Policy Issue

Bashed Well-Known Member

cPanelLauren Forums Analyst
Staff Member

Bashed Well-Known Member

cPanelLauren Forums Analyst
Staff Member

rpvw Well-Known Member

SOLVED Can't receive emails from gmail

my domain E-Mail go to gmail spam folder

SOLVED IDN-domain addresses rejected if sent from Gmail

Forward to gmail without authentication

SOLVED Sending to Gmail error did not encrypt this message

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

Gmail DMARC Policy Issue

Bashed Well-Known Member

cPanelLauren Forums Analyst Staff Member

Bashed Well-Known Member

cPanelLauren Forums Analyst Staff Member

rpvw Well-Known Member

SOLVED Can't receive emails from gmail

my domain E-Mail go to gmail spam folder

SOLVED IDN-domain addresses rejected if sent from Gmail

Forward to gmail without authentication

SOLVED Sending to Gmail error did not encrypt this message

Share This Page

cPanelLauren Forums Analyst
Staff Member

cPanelLauren Forums Analyst
Staff Member