I have both RUA and RUF reports setup in my DMARC record. My understanding is its recommended to link these to a 3rd party service, but also can have a “normal” email address that reports are emailed to. We do not get any reports to any of our email addresses listed. We are pretty confident the record is corret: v=DMARC1; p=reject; rua=mailto:[email protected],mailto:[email protected],mailto:[email protected]
When experimenting, DMARC was set to p=none, but SPF was set to hard fail. Sending emails from a non-authorized server according to SPF still went though, and even reported passing in the header. It was only after we added a DMARC policy that SPF “started working” despite its hard fail status.
Any insight would be appreciated.
Cloudflare will publish whatever you have in your TXT records. Cloudflare does not determine DMARC syntax or operation, but if you check dmarcian.com and their forums, that should get you pointed in the right direction.
Not every (receiving) server sends DMARC reports, so depending on your volume you may receive few reports (or none).
Even if you set SPF to fail the receiving mail server will do whatever it’s been programmed to do. Many take SPF as a recommendation/score for their own spam filtering.
DMARC is more “binding” than that, which may explain your SPF “starting to work”.
But generally, you can only control your side of things (“your network, your rules”), and Cloudflare has no role in this (except for making sure DNS works, which it does excellently :).
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.