Unable to send email from Freshwork while DMARC policy is present

What is the name of the domain?

What is the error number?

550-5.7.26 domain’s DMARC policy

What is the error message?

550-5.7.26 domain’s DMARC policy

What is the issue you’re encountering

I’m unable to send any email from Freshwork after adding their CNAME records to Cloudlfare for domain verification. Upon contacting Freshwork support, they said that I can’t send email because of some errors with the DMARC policy.

What steps have you taken to resolve the issue?

Check if I have DMARC record in DNS dashboard in Cloudflare and I can verify that I have DMARC record in Cloudflare DNS dashboard.

What feature, service or problem is this related to?

I don’t know

What are the steps to reproduce the issue?

Sending email with orientsoftware.com domain name from Freshwork but no email reaches the receiver addresses.

Screenshot of the error

dmarc record.jpg1687×613 77.4 KB

1. What CNAME records did they ask you to add?

2. How does your Cloudflare Dashboard look, in regards to these specific CNAME records?

3. Are the Proxy status for these CNAME records set to Proxied (), or Unproxied () / DNS-only?

Proxy status MUST be Unproxied () / DNS-only, for any DNS record(s) you have, that is related to email traffic.

Hi,
1&2. Please check this image below for all the records that Freshwork requires and my DNS dashboard on Cloudflare:

img1589×1650 350 KB

3. All the added records’ status are set to DNS only

One thing I forgot to mention. That is in the DMARC Management tab, it seems that DMARC management is not enable. Does this have anything to do with the error I have?

image2234×1196 163 KB

I can confirm that all the listed DNS records are set up exactly as instructed.

No.

That is just a tool for viewing DMARC reports.

And currently, your domain is configured to use Dmarcian’s tool for that.

By doing it in the exact same way as these messages that fail, -

Can you try to send an email to the email address, that I have sent to you privately, from Freshwork?

Can you try to send an email to the email address, that I have sent to you privately, from Freshwork?

I’ve sent an email to this address from Freshwork.

I can confirm that all the listed DNS records are set up exactly as instructed.

This is the full list of DNS records on my Cloudflare. Some records’ status are still Proxied. Do you think any of them would cause the error?

Untitled1604×2570 217 KB

Three delivery attempts was made, apparently two roughly 10 minutes before your message (on 2025-01-15T02:12:26Z and 2025-01-15T02:12:33Z), and one roughly three minutes after your message (on 2025-01-15T02:25:33Z).

(Seems like the seconds aren’t being displayed, - so for clarity, 03:12:26, 03:12:33 and 03:25:33, Europe/Copenhagen (CET)).

→

According to your screenshot, you were asked to add the “CNAME (SPFMX)” that was named “fwdkim”.

However, -

The RFC5321.MailFrom / SMTP MAIL FROM / Return-Path / Envelope From domain that Freshworks used for the emails, it was “@fwdkim2.orientsoftware.com”.

As that (sub-)domain does not exist, the front end filtering on my mail server rejected the messages, with the status code:

550 5.1.8 <bounces+us.?.????-??LOCALPART??=orientsoftware.com@fwdkim2.orientsoftware.com>: Sender address rejected: Domain not found;

The ? marks explained:

1. “?.????”:
   Represents some message specific information, such as e.g. to track the individual message’s (and/or recipient’s) delivery status.

2. “??LOCALPART??”:
   Seems to represent the local part of your wanted header From: address, that recipients will see in their email client. Such as e.g. if you were using “john.doe@”, it would be “john.doe”, or if you used “billing@”, it would be “billing”.

In other words, this error is because you do not have any DNS record for “fwdkim2” (“fwdkim2.orientsoftware.com”).

None of these records are causing the error above.

If you do not have any information from Freshworks, that is asking you to add a DNS record named “fwdkim2”, then Freshworks should adjust their domain on-boarding process, as the current one in a such case would be incorrect, when comparing it to what actions are actually doing behind the scenes.

Whether Freshworks wants the exact same CNAME target on “fwdkim2”, or a completely different one, is something you need to coordinate with them.

While I actually understand their initial message regarding the DMARC policy based on the other error message, -

I will NOT suggest you to touch the DMARC policy, but rather dig in to why it is failing.

Without the “fwdkim2” record, according to the above, you’re definitely going to fail SPF, and the SPF alignment for DMARC.

It will however be interesting to see the DKIM, and DKIM alignment.

→

If you are adding the DNS record named “fwdkim2”, with the same contents as “fwdkim”, then you should have passed the check for 550 5.1.8 Sender address rejected: Domain not found;, that failed on my mail server, without any issues.

Or alternatively, if Freshdesk actually had presented the message with a sender address on “@fwdkim.orientsoftware.com” (without the number 2), rather than “@fwdkim2.orientsoftware.com” (with the number 2), this specific check wouldn’t have failed either.

You’re welcome to try adding “fwdkim2”, with the same contents as “fwdkim”, and send another test message my way, so I can see what I see by then.

Hi, I’m working with Freshwork support right now to get this issue fixed. Thank you for your support. I’ll be back when there is new update in this matter.

Thank you for your help. I can send email normally in Freshwork now.

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.