Email Configuration for Domain that Only Receives Email

I get DMARC reports for my domain kioskindustry.org – I use Cloudflare email to ONLY receive emails and never send. I am wondering if I should enable DNSSEC. I think I should create email record and txt entries for spf1, DKIM and DMARC1.

Right?

A kioskindustry.org 35.202.49.175
MX kioskindustry.org amir.mx.cloudflare.net
MX kioskindustry.org isaac.mx.cloudflare.net
TXT _dmarc v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s; rua=mailto:[email protected] DNS only
TXT _dmarc v=DMARC1; p=none; rua=mailto:[email protected] DNS only
TXT *._domainkey v=DKIM1; p= DNS only Auto
TXT kioskindustry.org v=spf1 -all DNS only
TXT kioskindustry.org v=spf1 include:_spf.mx.Cloudflare.net ~all DNS only
TXT kioskindustry.org google-site-verification=FMDz1VbsJ4HGOAPXTjUp84c4jPjMW4C00XontF7Pw1s DNS

Here is sample DMARC report I got this morning and not sure how to read this but I do see the “FAIL” condition showing up. Again, I only receive mail at [email protected] and never send anything.

<?xml version="1.0" encoding="UTF-8" ?> infomaniak.com [email protected] kioskindustry.org:1666659601 1666562400 1666648800 kioskindustry.org r r

none

none 100 198.2.184.115 1 none fail fail local_policy arc=fail kioskindustry.org mail115.suw91.mcdlv.net pass 198.2.131.244 1 none fail fail local_policy arc=fail kioskindustry.org mail244.atl121.mcsv.net pass

If you publish more than one SPF record, you will cause SPF validation to fail. Only one SPF record is permitted. That limit is per name, meaning that you could have a different SPF records for mail.example.com, newsletter.example.com, and example.com, but not more than one SPF for example.com.

DMARC reports aren’t meant to be read by humans. They are normally parsed by software at a DMARC monitoring service. You can run the XML report through dmarcian’s XML to Human Converter to get some better detail, but sending your reports to a dedicated monitoring service will likely prove more usable.

3 Likes

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.