DMARC records inconsistency

At Dig web interface - online dns lookup tool, I see two conflicting DMARC records for Teten.com.

But from within Cloudflare, I only see one DMARC record:
“v=DMARC1; p=none; rua=mailto:[email protected]

What’s causing this? How do I fix this?

This is causing problems for my use of Hubspot, which says it can’t send emails from my domain, because of two conflicting DMARC records.

It does appear there are two…
https://cf.sjr.org.uk/tools/check?895fd23a33204d40919cf8805aec8a50#dns-mail

If you are sure that your Cloudflare dashboard only has one DMARC record here…
https://dash.cloudflare.com/?to=/:account/:zone/dns/records
…then you can try to delete your one existing DMARC record and see if DNS lookups then show none. Then manually add the Cloudflare DMARC record back in.

I do recall seeing this strange issue once before.

I just deleted my DMARC record, and then re-created it using Cloudflare’s wizard. I still see the problem at
https://cf.sjr.org.uk/tools/check?895fd23a33204d40919cf8805aec8a50#dns-mail
but maybe that’s because of caching?

Maybe the problem is caused by this DNS record, which I don’t recall creating myself:
TXT, _smtp._tls, “v=TLSRPTv1; rua=mailto:example@sxu____k9cgc.uriports.com”

The results are for the time the check was run. You need to re-run it to get the current status, but it is still there…
https://cf.sjr.org.uk/tools/check?117ef4a2fbfa46089f6509b5603435a2#dns-mail

Probably not, but you are not using that service, delete it as it’s probably an old record you imported when adding Cloudflare.

Delete the Cloudflare DNS record again and don’t add it back yet. See if the extra DMARC record exists on its own when you do that.

Can you show a screenshot of your DNS records from Cloudflare?

I deleted
TXT, _smtp._tls, “v=TLSRPTv1; rua=mailto:tlsrpt@sxu____k9cgc.uriports.com

I also deleted the Cloudflare DNS DMARC record, and then used the Cloudflare wizard to recreate it.

I waited 2 days to see if this was a caching issue, but I still have the same problem.

Hi @teten

In your DNS dashboard, you have a DMARC record named _dmarc, but in your DMARC management dashboard you have a DMARC record named _dmarc.teten.com, so these are two different DMARC records.

I deleted _dmarc.teten.com, but I still have the same problem.

I submitted an escalation request for this issue.

Hi @teten,

Looking at some similar issues that other Cloudflare users had, I saw that they were able to remove the extra DMARC record by deleting the existing _dmarc record from their DNS dashboard and using Cloudflare’s DMARC Wizard to re-add it. Enable DMARC Management (beta) · Cloudflare DMARC Management docs

Could you try backing up your DMARC record, deleting it from your dashboard and re-adding it using the DMARC wizard?

Yes, I have deleted it and then recreated it. That didn’t solve the problem.

I wonder if the problem is as follows:

example @ example1 .com and example @ example .com used to be completely separate email accounts, each with their own DMARC authentication. However, I merged them and now example @ example1 .com is an alias of example @ example.com. I use google.com to manage these email boxes.

DNS is not going to have any knowledge of mailbox aliases, so that won’t be a contributing factor.

When you deleted your DMARC record in your DNS and the one from your DMARC Management, were you ever able to achieve a state of no published DMARC records?

From within Cloudflare, I deleted the DMARC from both teten. com and versatilevc. com

But I still see the reference to uriports at Dig web interface - online dns lookup tool

However, on Dig for versatilevc. com the DMARC looks OK; I see the following:

_dmarc. versatilevc. [email protected] (Default):
versatilevc. com. 1800 IN SOA itzel.ns. cloudflare .com. dns. cloudflare. com. 2337665256 10000 2400 604800 1800

From within cPanel Redirect, I found the entry below. Should I delete it?
_smtp._tls.teten.com. 14400 TXT v=TLSRPTv1; rua=mailto:[email protected]

I don’t see this record from within Cloudflare.

I deleted the SRMP record from within cPanel that I mentioned above,
and have waited 2 days. I now see no mention of uriports at all, from within either cPanel or Cloudflare. However, at digwebinterface I still see two conflicting DMARC records for teten dot com, including one mentioning uriports.com

I don’t know what’s going on?

Hi @teten

If you are not using uriports.com as email provider, then I would suggest that you reach out to them and have them remove the DMARC file related to uriports.com, as this file is not configured in Cloudflare, so we are not able to help you get this file deleted.

But why should uriports.com control what data is showing up when someone looks up the zone records for teten.com?

Hi there @teten,

Thanks for reaching out to the Cloudflare community, sorry to read that you’re experiencing difficulties.
After reviewing this issue, I’ve raised an internal escalation to our Engineering team, as I can observe the “Ghost” TXT DMARC record for sxuk9cgc.uriports.com from our backend, and confirmed you are unable to see it or edit it via dashboard.
The team will run some diagnostics and we will keep you updated on further developments.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.

Hey, just wanted to give a quick update here. The problem seems to be that the “ghost” record, which was created quite a while ago, is invalid and can’t be parsed by modern versions of our API. We’re getting this fixed so that invalid records are still shown, with a list of errors attached.

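The conflict discussed in this thread (more than one TXT record at `_dmarc.<domain>` starting with `v=DMARC1`) can be confirmed from `dig` answer lines without relying on any dashboard. The following is an added example, not code from the thread or from Cloudflare; the sample answer lines are constructed, and `example.com` and its report addresses are placeholders.

```python
import re
import shlex

# Constructed sample: answer lines in the format printed by
#   dig +noall +answer TXT _dmarc.example.com @<authoritative-nameserver>
# Asking an authoritative server directly takes resolver caching out of the picture.
SAMPLE_DIG_ANSWER = '''
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=none; rua=mailto:reports@example.com"
_dmarc.example.com. 300 IN TXT "v=DMARC1; p=none; " "rua=mailto:old@reports.example.net"
_dmarc.example.com. 300 IN TXT "unrelated verification string"
_smtp._tls.example.com. 300 IN TXT "v=TLSRPTv1; rua=mailto:tls@example.com"
'''

def txt_records(dig_answer, owner):
    """Return the TXT values published at `owner`, joining multi-string rdata."""
    owner = owner.rstrip(".").lower()
    values = []
    for line in dig_answer.splitlines():
        parts = line.split(None, 4)  # name, ttl, class, type, rdata
        if len(parts) != 5 or parts[3].upper() != "TXT":
            continue
        if parts[0].rstrip(".").lower() != owner:
            continue
        # rdata is one or more quoted strings; receivers concatenate them
        values.append("".join(shlex.split(parts[4])))
    return values

def dmarc_records(values):
    """Keep only TXT values whose first tag is v=DMARC1; others are ignored."""
    return [v for v in values if re.match(r"\s*v\s*=\s*DMARC1\s*(;|$)", v)]

def check_dmarc(dig_answer, domain):
    """Classify the DMARC state of `domain` as ok, missing or conflict."""
    found = dmarc_records(txt_records(dig_answer, "_dmarc." + domain))
    if len(found) == 1:
        status = "ok"
    elif not found:
        status = "missing"
    else:
        status = "conflict"  # with several records, receivers apply no DMARC policy
    return status, found

if __name__ == "__main__":
    status, found = check_dmarc(SAMPLE_DIG_ANSWER, "example.com")
    print(status)
    for record in found:
        print("  ", record)
```

Running the same check against each authoritative nameserver's answer shows whether the extra record is really being served or is only a cached result.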