DMARC confusion - SPF failing

I am using Amazon SES to send out newsletters from my Wordpress site using Mailster

Have set up and verified my domain and mail address with DKIM configured.

In Cloudflare DNS, I have a single DMARC line reading:
v=DMARC1; p=quarantine; rua=mailto:[email protected][site]
Had two M X entries:
name: root
Mail server: mail[site]

AND (not sure if needed)
name: root
Mail server: smtp[site]

Both of these are DNS Only

With this, I was getting DMARC emails saying DKIM passed but S P F failed

I added another M X entry:
Name - newsletter
Mail server - feedback-smtp.us-east-1|amazonses|com

But still getting S P F failed emails

Not sure if having more than one M X is the issue and, if so, how to get around this since I send emails from that account through a Mac Mail program normally and then via Amazon SES only for the daily/weekly newsletter.

(above URLs changed from . to | and/or [site] and spaces for M X and S P F as forum doesn’t want me to post multiple links)

Thanks!

Most of what you are asking is off-topic for Cloudflare and is better suited for the Technical Help category of the dmarcian forum. I recommend it because I am happy to discuss DMARC topics that are out of scope for the Cloudflare forum, just not here.

Other than your DMARC record, your reference material provided no records that have any relevance on DMARC, DKIM or SPF. SPF has to do with identifying where your email originats. MX records tell the world where you want to receive email. While you can use the value of ‘mx’ in an SPF TXT record, there is no certainty that the same hostname you use to receive mail will use the same address.

If your Amazon SES subscribers need to be able to reply to an address in your newsletter subdomain, that ‘newsletter’ MX is appropriate.

While you could share your SPF TXT records here, this conversation is probably better suited to the dmarcian forum. We will have a lot more latitude over there while still remaining on-topic.

Thank you for all of that!

If it’s not obvious I’m clueless when it comes to this DMARC stuff and only thought of posting here because Cloudflare is where I input those records.

Will go explore that forum.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.