Gmail DMARC Policy Issue

Bashed

Well-Known Member
Dec 18, 2013
146
4
68
cPanel Access Level
Root Administrator
My domain has
  • DMARC
  • SPF
  • DKIM
  • rDNS
  • Clean RBL
I still get these from various Gmail using recipients below. Please help me to fix this issue once and for all.

Code:
<[email protected]>: host aspmx.l.google.com[173.194.76.26] said: 550-5.7.1
    Unauthenticated email from domain.com is not accepted due to 550-5.7.1
    domain's DMARC policy. Please contact the administrator of 550-5.7.1
    domain.com domain if this was a legitimate mail. Please visit 550-5.7.1
    https://support.google.com/mail/answer/2451690 to learn about the 550 5.7.1
    DMARC initiative. b4-v6si7598406wru.376 - gsmtp (in reply to end of DATA
    command)
I did a test on Newsletters spam test by mail-tester.com too. 10/10 score.
 

Bashed

Well-Known Member
Dec 18, 2013
146
4
68
cPanel Access Level
Root Administrator
My first post stated clearly I have DMARC enabled.

Even a cPanel tech told me in a ticket the following...

When I created a test email account, [email protected], and sent a test message from it to our test Gmail account, [email protected], I found that the message was delivered, but was redirected to the Spam folder. I am uncertain as to why this occurred, as your server appears to be correctly configured to send mail from the domain, and as the headers of the message indicate that it passed the SPF, DKIM, and DMARC tests:

ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass [email protected] header.s=default header.b=A8undSru;
spf=pass (google.com: domain of [email protected] designates xxx.xxx.34.4 as permitted sender) [email protected];
dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=domain.com

Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=default header.b=A8undSru;
spf=pass (google.com: domain of [email protected] designates xxx.xxx.34.4 as permitted sender) [email protected];
dmarc=pass (p=REJECT sp=NONE dis=NONE) header.from=domain.com
 

cPanelLauren

Product Owner
Staff member
Nov 14, 2017
13,295
1,273
313
Houston
I didn't indicate that you did not have DMARC enabled, in fact based on the error from Gmail it looks like it is enabled and is being rejected due to an issue with your DMARC record. Based on that portion of the response from the ticket it looks like we were unable to identify why the email was being passed to spam, it looks to be a different issue since in that case your DMARC passed per the header information.

In the instance you're referencing above it looks like Gmail is telling you they're rejecting the mail based on the DMARC policy in place:

Code:
Unauthenticated email from domain.com is not accepted due to domain's DMARC policy. Please contact the administrator of domain.com if this was a legitimate mail.
I sent you the threads I did to ensure that you've got your DMARC configured properly as I am unable to see it in the forums. If you are experiencing issues with Gmail only on this I would suggest you contact Gmail directly to troubleshoot further Postmaster Tools – Google as we are not aware of their methods for determining what is and isn't accepted/rejected and especially as you've tested using mail-tester and your score was 10/10

Thanks!
 

rpvw

Well-Known Member
Jul 18, 2013
1,101
465
113
UK
cPanel Access Level
Root Administrator
Set your DMARC Mail Receiver Policy to "None" (p=none)
Add both the rua and ruf tags pointing at a working email address on the same domain as the DMARC record is for (rua=mailto:[email protected] and ruf=mailto:[email protected])
Set the reporting level to 100% and the fo tag to 1 (fo=1)

After publishing the record, you will start to get both forensic and aggregate reports by email about how hosts are interpreting the DMARC record, but they will NOT block mail based on any issues they find.

Only after you see that all the DMARC components are passing the Mail Receiver Policy, should you elect to change the p= to either quarantine or reject

Your record during the testing process should look something like :
Code:
v=DMARC1; p=none; fo=1; rua=mailto:[email protected]; ruf=mailto:[email protected]; rf=afrf; pct=100
Change the [email protected] to working email address on the same domain as the DMARC record is for.

Finally, you can test your DMARC record at DMARC Tools - Domain Message Authentication Reporting & Conformance Lookup - MxToolBox
 
  • Like
Reactions: cPanelLauren