Correct DMARC configuration

Hi,
My email messages are rejected due to a domain’s DMARC policy. Can you provide instructions on how to correct the DMARC configuration?

Regards,
Hal

do you mean they are being rejected because your DMARC policy is too strict? (i.e. the receiving server is doing what you asked for). In this case, kindly post the domain, so that we can see the policy.

or do you mean your e-mails are rejected because your domain does not have a DMARC policy? (I don’t think any receiving server actually requires that the sender have a DMARC policy).

Bernardo,

See the attached screenshot image, regarding Google Workspace Support 48978035: Update DKIM DNS Records. The DNS records are not propagating.

Regards,
Hal

The record is there, but there are 2 for the google selector so you should delete the extra one.
https://cf.sjr.org.uk/tools/check?e774a0d9cfab48889266df1ccb27f222#dns-mail

Also, if you are sending from Google, your SPF records indicate mail only comes from Cloudflare.

2 Likes

sjr,

I’ve deleted the secondary DKIM record. However, the error persists.

In addition, sent a request to GCP for assistance on how to create an SPF record for outbound Google Cloud email messages.

Thanks,
Hal

2 Likes

DKIM looks OK.

$ dig +short google._domainkey.cfored.com TXT
"v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAg2oX5vBxEEq+9p44067+BrZSte0cyT+hizTTrIWzWBs1M844ycJvxjYLe/Xv+LMOXboHig2qUbRvsgIj7JjG+ZHP/UB7DrKWYjPhyOm6G4m7RjnEKdjqmh/Dd9pzIeJ3AAxUOT8UixmRza+f6eYaroWrm+0JsFr82H7g10BEYXAv6U/FQlVG+Jy/v6rmpty/k" "HOHSEuDnyQrehEGAr1LXC0eHrgLlEy1y5zxiYK4AK93mIgI4Xap4MOrT8kbkkxXofLKl3ZbkHGh9phjxZ7ZXDyk/9/VzBkvHFjguVTBkHmh6xDW/N1On2OJ0FTYbFlPGW9ka1nMKQEiKqBteQ3lawIDAQAB"

and as noted above your SPF record indicates that only Cloudflare can send e-mails for your domain.

Your MX record also points to Cloudflare.

If you want to use Google as your mail server, then you have to correct that, as currently the relevance of Google is not clear (to me).

I would recommend that you contact your mail admin, and they should take care of this.

bernardo.reino,

I’m writing to request your assistance in configuring my Cloudflare SPF | DNS records to enable sending email messages from both my Gmail and Outlook accounts.

I would greatly appreciate your guidance in understanding and updating these records correctly to ensure smooth email sending from both platforms.

Thank you for your time and assistance.

Regards,
Harold

Hi,

I’m writing to request assistance with my Cloudflare DNS records. I’d like to configure them to send email through both Cloudflare and my custom MX record hosted by Duo Circle.

Currently, I wish to use Cloudflare for email delivery to Cloudflare Worker (workers-n8n-3) but need help updating my MX records to accommodate both Cloudflare and my Duo Circle record. I’m unsure how to properly prioritize them to ensure smooth email delivery from both services.

I’ve attached a screenshot of my current Duo Circle settings for your reference. Please let me know if you require any further information.

I would greatly appreciate your guidance in configuring these records correctly.

Thank you for your time and assistance.

Regards,

Harold

@user8702,

Notwithstanding the fact that this is a user-to-user forum, so that no assistance can be ‘requested’, I still fail to see what the issue is.

From your screenshot it would appear that you use “Google Workspace” to manage the e-mail for your cfored.com domain. This means that you have to set everything up at Google.

At most, you seem to be using Cloudflare to manage the DNS records for that domain, but the actual content (DKIM, SPF, etc.) is something that Google would have to provide you, and not Cloudflare.

Also, you want to enable “sending email messages from both my Gmail and Outlook accounts”, which might involve correctly setting up of SPF, DKIM (possibly DMARC as well, but that’s less common as a requirement for deliverability), and other even more basic things like forward-confirmed-reverse-DNS.

This is not something a random user in a Cloudflare forum (= me) can assist you with. E-mail (and DNS) is a very serious topic, and should be left to professionals. Otherwise you risk misconfiguring things with unpredictable results (including the sending of spam from your domain and/or your mail server).

Good luck in any case!

1 Like

Please close the open ticket

Thanks

Hi bernardo.reino,

We are transitioning to an infrastructure-as-code solution using Terraform. This solution is designed to enable the simultaneous sending of MX email messages to both Cloudflare and Duo Circle. You can find more details,https://gist.github.com/DevCEDTeam/00b1f6b03e8671f8f0406955c893501a.

I’d appreciate any further guidance.

Regards,
Hal

Hi,

We are transitioning to an infrastructure-as-code solution using Terraform. This solution is designed to enable the simultaneous ( rather than using priorities) sending of MX email messages to both Cloudflare and Duo Circle (email hosting service). You can find more details,https://gist.github.com/DevCEDTeam/00b1f6b03e8671f8f0406955c893501a.

I’d appreciate any further guidance.

Regards,
Hal

Is that ticket 3097195 or 3093571?

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.