I get DMARC reports for my domain kioskindustry.org – I use Cloudflare email to ONLY receive emails and never send. I am wondering if I should enable DNSSEC. I think I should create email record and txt entries for spf1, DKIM and DMARC1.
A kioskindustry.org 126.96.36.199
MX kioskindustry.org amir.mx.cloudflare.net
MX kioskindustry.org isaac.mx.cloudflare.net
TXT _dmarc v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:[email protected] DNS only
TXT _dmarc v=DMARC1; p=none; rua=mailto:[email protected] DNS only
TXT *._domainkey v=DKIM1; p= DNS only Auto
TXT kioskindustry.org v=spf1 -all DNS only
TXT kioskindustry.org v=spf1 include:_spf.mx.Cloudflare.net ~all DNS only
TXT kioskindustry.org google-site-verification=FMDz1VbsJ4HGOAPXTjUp84c4jPjMW4C00XontF7Pw1s DNS
Here is sample DMARC report I got this morning and not sure how to read this but I do see the “FAIL” condition showing up. Again, I only receive mail at [email protected] and never send anything.
<?xml version="1.0" encoding="UTF-8" ?>
If you publish more than one SPF record, you will cause SPF validation to fail. Only one SPF record is permitted. That limit is per name, meaning that you could have a different SPF records for
example.com, but not more than one SPF for
DMARC reports aren’t meant to be read by humans. They are normally parsed by software at a DMARC monitoring service. You can run the XML report through dmarcian’s XML to Human Converter to get some better detail, but sending your reports to a dedicated monitoring service will likely prove more usable.
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.