I have set up a mail server with several postoffices/domains. DKIM, SPF and DMARC are set up for every domain. For the mail server domain, which is a postoffice as well, I get weird DMARC reports, where the SPF auth result lists the MX domain and the result is none. All other domains pass DKIM and SPF with the same DNS records.
DNS records for all domains are set up as follows:
- @ 10800 IN MX 10 mail.msdomain.net.
- @ 3600 IN TXT "v=spf1 mx -all"
- domain/msdomain._domainkey 3600 IN TXT "v=DKIM1; p=***; v=DMARC1; p=none; rua=mailto:abuse@domain.net; ruf=mailto:abuse@domain.net"
And here's the weird DMARC report:
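- source_ip: my.dedicated.ms.ip
- count: 2
- policy_evaluated: disposition=none, dkim=pass, spf=fail
- header_from: msdomain.net
- auth_results dkim: domain=msdomain.net, result=pass, selector=msdomain
- auth_results spf: domain=mail.msdomain.net, result=none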
I just don't get it. Why is DMARC evaluating my MX domain for SPF? Mails are coming from info@msdomain.net and not from info@mail.msdomain.net.
Can someone help?
Answer
Adding the "a"-mechanism to the SPF record seems to have resolved the issue for e-mail addresses with the same domain as the mail server.
The new SPF record looks like this now:
- @ 3600 IN TXT "v=spf1 a mx -all"
The domain is now listed properly in DMARC's auth_results:
- auth_results dkim: domain=msdomain.net, result=pass, selector=msdomain
- auth_results spf: domain=msdomain.net, result=pass
However, for all other domains on the same mail server I left the SPF record the way it was, since SPF always passed in DMARC reports for those domains.
- @ 3600 IN TXT "v=spf1 mx -all"
I'm not really able to provide a conclusive explanation for this. Maybe someone else can clear things up.
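To see which identity a receiver actually checked, compare each record's SPF domain and result with its header_from. The following is an added example, not part of the original question or answer, that does this for two records constructed from the values quoted above. It assumes a report without XML namespaces, and it uses a simplified subdomain test in place of the Public Suffix List lookup that real relaxed alignment needs.

```python
import xml.etree.ElementTree as ET

# Constructed sample: two records built from the values quoted on this page
# (before and after the SPF change). 192.0.2.10 stands in for the server IP.
RECORD = """<record><row><source_ip>192.0.2.10</source_ip><count>{count}</count>
 <policy_evaluated><disposition>none</disposition><dkim>pass</dkim>
  <spf>{evaluated}</spf></policy_evaluated></row>
 <identifiers><header_from>msdomain.net</header_from></identifiers>
 <auth_results>
  <dkim><domain>msdomain.net</domain><result>pass</result>
   <selector>msdomain</selector></dkim>
  <spf><domain>{spf_domain}</domain><result>{spf_result}</result></spf>
 </auth_results></record>"""
SAMPLE = "<feedback>" + RECORD.format(
    count=2, evaluated="fail", spf_domain="mail.msdomain.net", spf_result="none"
) + RECORD.format(
    count=1, evaluated="pass", spf_domain="msdomain.net", spf_result="pass"
) + "</feedback>"


def relaxed_aligned(auth_domain, header_from):
    # Simplification (assumption): equal, or one name is a subdomain of the other.
    # Real relaxed alignment compares organizational domains via the Public Suffix List.
    a, h = auth_domain.lower().rstrip("."), header_from.lower().rstrip(".")
    return a == h or a.endswith("." + h) or h.endswith("." + a)


def spf_findings(report_xml):
    """One finding per <spf> auth result: what was checked and DMARC's SPF verdict."""
    findings = []
    for rec in ET.fromstring(report_xml).iter("record"):
        header_from = rec.findtext("identifiers/header_from", "").strip()
        reported = rec.findtext("row/policy_evaluated/spf", "").strip()
        for spf in rec.iterfind("auth_results/spf"):
            domain = spf.findtext("domain", "").strip()
            result = spf.findtext("result", "").strip()
            aligned = relaxed_aligned(domain, header_from)
            # DMARC counts SPF only when it passes AND the checked domain aligns.
            verdict = "pass" if result == "pass" and aligned else "fail"
            findings.append({"header_from": header_from, "spf_domain": domain,
                             "spf_result": result, "aligned": aligned,
                             "dmarc_spf": verdict, "matches_report": verdict == reported})
    return findings


if __name__ == "__main__":
    for f in spf_findings(SAMPLE):
        print(f)
```

For the first record the checked name mail.msdomain.net aligns with msdomain.net, so the DMARC SPF failure comes from the result none, meaning no SPF record was found at that name. RFC 7208 has receivers check the HELO name when the envelope sender is empty, as in bounces.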