DMARC error messages

I am getting DMARC error messages. This is the code that comes to me in the email; Album — Postimages

Those pictures render too small to read on mobile, but they appear to be XML DMARC reports. If you are receiving these in your email, it would be due to you requesting them by way of publishing your email address in the RUA field of your DMARC record.

You normally would want to use the reporting address provided by your DMARC monitoring service. DMARC reports can become high volume and are not easily read by humans. You can convert them to a more readable format using the following tool at dmarcian. If you want them to be sent elsewhere, you will need to update your DMARC policy.

2 Likes

As you can see from that link, it’s definitely easier to read the XML once it has been parsed.

1 Like

What should I do? I have no idea.

It is simply a DMARC report about email activity pretending to be from your domain name, e.g. the friendly “From:” header of the message was using your domain.

Somewhere between 2023-03-24 12:00 AM UTC to 2023-03-24 11:59 PM UTC, a message was delivered to the Google network from the IP address 176.9.183.138 (apparently mta138.sendingservice.net).

Since the DKIM does show a pass, as well as having proper alignment to the giocone.com domain, this one appears quite much to be a legitimate message originating from the domain giocone.com.

In order to pass that DKIM check, as well as to have alignment, the person setting up the email delivery must have (had) access to the DNS configuration for the domain giocone.com during the set up.

The message was passing DKIM with thanks to the CNAME DNS record residing on mailpoet2._domainkey.giocone.com pointing towards dkim2.sendingservice.net.

If you do actually recognize MailPoet as valid sender on behalf of your domain(s), there would be absolutely nothing to worry about here.

What you should do depends upon your desired outcome and your budget.

I find using a DMARC monitoring service to collect the reports preferable to using an inbox. Most services involve a subscription fee. However, some can be found with free options as long as certain conditions are met.

If you want to use a DMARC reporting service, update your DMARC record to replace your inbox with the reporting address they assign your account. If you don’t want to receive any DMARC reports, remove the entire rua directive from your DMARC record. If you decide to keep receiving your DMARC reports in your inbox, you might want to implement a means to filter them.

1 Like

You have confused me more. The DMARC is fine, now it seems I don’t have the SPF.

Which part to copy to dmarcian - Domain Report For GIOCONE.COM and add to Cloudflare?

I find nothing copyable and new.

Why would you expect to find diverging like that? That is not what a DMARC report contains. It is s message from an email provider that contains data on appearances of your domain in emails that it processed. There is only one sending source in that DMARC report and it is not SPF capable, so there is nothing in it that would affect your SPF record.

You might consider posting specific questions in the dmarcian forum if you are looking to learn more about how email authentication is implemented. Cloudflare DNS is a tool that can publish the required records, but a deep dive into how to create such records is out of scope for the Cloudflare Community.

1 Like

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.