How do I get external verification for a DMARC notification email?

I set up DMARC management here on Cloudflare because I am suddenly getting aggregate DMARC reports daily. I don’t use the domain for sending any emails, so I’m a bit puzzled about that and hoping that my domain isn’t getting spoofed.

Because I don’t use the domain for email, I set up the rua and ruf records to send reports to my email (that is on a different domain). A DMARC testing site said that the external email isn’t valid, and “In order to receive reports to “***@iserv.net” email, there must be “v=DMARC1” TXT record published for “pmi-global.net._report._dmarc.iserv.net” subdomain”.

I created a TXT record to that effect, but I am still getting that error. I cannot find any documentation on validating external emails here, so…help?

Thanks

According to the spec, if you want reports sent to an address at a domain, that domain has to have a DNS record indicating that they accept the reports. So, to receive the reports at an @iserv.net address, the iserv.net domain has to have such a record. If you don’t own that domain, this isn’t something you can set up yourself.

If you do own iserv.net then you need to add this record on that domain, not the one you’re getting reports for.

I note that you have Cloudflare’s DMARC management address as your rua but the additional address as ruf. I’ve seen no indication that Cloudflare’s thing processes forensic reports, but I’m not sure how many systems even generate them to begin with (for privacy reasons). You may not need or want them at all, and may be fine with just the Cloudflare rua.

2 Likes
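The check described in the answer above (RFC 7489, section 7.1), as an added example that is not part of the original thread: it works out which DNS name a report sender looks up for each `rua`/`ruf` address and whether that name carries a `v=DMARC1` TXT record. The DMARC record, the `reports.example` address, the `ZONE` dictionary standing in for DNS, and the two-label organizational-domain shortcut are all assumptions made for illustration.

```python
# Added example: external report-destination check (RFC 7489, section 7.1).
# Every record below is constructed; a dict stands in for DNS, no queries are made.

def org_domain(host):
    # Assumption: organizational domain = last two labels.
    # Real verifiers consult the Public Suffix List instead.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def report_hosts(dmarc_record):
    """Yield (tag, destination host) for each mailto: URI in rua/ruf."""
    for part in dmarc_record.split(";"):
        tag, _, value = part.strip().partition("=")
        tag = tag.strip().lower()
        if tag not in ("rua", "ruf"):
            continue
        for uri in value.split(","):
            uri = uri.strip().split("!")[0]  # drop optional "!10m" size limit
            if uri.lower().startswith("mailto:") and "@" in uri:
                yield tag, uri.rsplit("@", 1)[1].lower()

def check_destinations(policy_domain, dmarc_record, zone):
    """Return [(tag, host, status, name_queried)] for every report address."""
    results = []
    for tag, host in report_hosts(dmarc_record):
        if org_domain(host) == org_domain(policy_domain):
            results.append((tag, host, "same-org", None))  # no lookup needed
            continue
        # The receiver queries a name inside the *destination* domain.
        qname = f"{policy_domain}._report._dmarc.{host}"
        # A wildcard record lets a report processor accept any customer domain.
        txts = zone.get(qname) or zone.get(f"*._report._dmarc.{host}", [])
        ok = any(t.strip().startswith("v=DMARC1") for t in txts)
        results.append((tag, host, "authorized" if ok else "not-authorized", qname))
    return results

# Constructed policy record: rua at a report processor, ruf at a third-party mailbox.
RECORD = "v=DMARC1; p=reject; rua=mailto:agg@reports.example; ruf=mailto:user@iserv.net"
ZONE = {
    "*._report._dmarc.reports.example": ["v=DMARC1"],
    # Same label created in the policy domain's own zone: not the name queried.
    "pmi-global.net._report._dmarc.iserv.net.pmi-global.net": ["v=DMARC1"],
}

if __name__ == "__main__":
    for row in check_destinations("pmi-global.net", RECORD, ZONE):
        print(row)
```

With the constructed data, the `ruf` address is reported as `not-authorized` because the name queried, `pmi-global.net._report._dmarc.iserv.net`, lives in the iserv.net zone and only that zone's operator can publish it.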

I took my address off the rua because we suddenly started getting inundated with aggregate reports out of nowhere.

No, I don’t own iserv. It was its own ISP back in the day, hence the email address. Things changed, but they still offer the email after partnering with Microsoft. I doubt they’ll be willing to add the record. But thanks for explaining that! I added a record on mine because the directions were not clear.

Cloudflare made the record with their address and kept mine on there. I took it off because the reports were getting to be a lot. Figured I could see them in the CF dashboard instead. Strangely, there is nothing there even though it’s been over 24 hours and the emails are still coming through.

According to what I read, the ruf isn’t used much anyhow, so I was toying with the idea of removing that as well.

Thanks for your help! I am learning this but it’s not easy when explanations are geared for people with a lot more knowledge than me.
