DMARC and DNS Errors

I am getting a DMARC error emailed to me. This is what it says:


Then I found this DNS error in godaddy.

Connect your domain

To connect your domain you will need to log in to the provider where it is registered and modify your DNS records.

But I checked the DNS and it i correctly pointing to Cloudflare.

I’m sure I screwed up installing this certificate somewhere, but I don’t know where. My website looks like it’s working…

Can anyone help me?

Hello, the DMARC report you included is indicating that both the DKIM and SPF checks for the received email failed. This can be caused by misconfiguration of DNS settings, your mail provider/SMTP server or someone attempting to send spoofed emails using your domain.

To fix the SPF fail, your SPF DNS record needs to include all the mail servers that are sending mail for your domain. If you are using godaddy for sending emails please see Use SPF records to prevent spoofing and ensure mail delivery | Microsoft 365 from GoDaddy - GoDaddy Help US .

To fix the DKIM fail, you need to setup DKIM records for the domain in DNS. These records must be provided by your email smtp server provider and are specific to your domain so they should be available somewhere in your email providers control panel. Set up DKIM or DMARC records for my email | Gen 4 VPS & Dedicated Servers - GoDaddy Help US

What DNS records is it asking you to modify? My guess is SPF and DKIM records, in which case you just edit the TXT records for them.

GoDaddy says to change the A@ DNS and they give me a number, but when I check on Cloudflare, it is already that number?

I spent 3 hours on chat with GoDaddy yesterday to get it straightened up and they said to just ignore the error? How can I ignore an error like this? Shouldn’t they fix it? Should I ignore it?

I don’t use email from my website. I just use gmail, so I don’t understand where these errors could be coming from.

If you are not sending email from an email address on your website domain then someone is spamming/sending unauthorized email using your domain. You can change your existing _dmarc record to v=DMARC1; p=reject; adkim=s; aspf=s; to make it as hard as possible for the spammer to continue using your domain and no longer receive any messages about it. In short, this policy recommends to any server receiving mail from your domain to outright reject it if either DKIM or SPF checks fail. You can also change your SPF TXT record to v=spf1 -all to ensure that the SPF check always fails and mail gets rejected.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.