[Solved] DMARC Failure!

Discussion in 'Common issues' started by Ali Akbar, Jun 8, 2019.

  1. Ali Akbar

    Ali Akbar New Member

    Joined:
    Jun 8, 2019
    Messages:
    2
    Likes Received:
    1
    S.E:
    2019-12-05 09:47:20
    L.T:
    Regular
    L.C:
    1
    Hey guys,

    Purchased Mailwizz recently.

    I have a server on Vultr with CPanel/WHM.

    I am using Sendgrid and have authenticated (and whitelabeled) my domain in Sendgrid via updating CNAME records in CPanel of the domain.

    I send an email to Mail-Tester, it passes SPF and DKIM, but fails DMARC (that I set up via DMARC Global Cyber alliance).

    Here is SPF from Mail-Tester

    Code:
    Sender Policy Framework (SPF) is an email validation system designed to prevent email spam by detecting email spoofing, a common vulnerability, by verifying sender IP addresses.
    What we retained as your current SPF record is:
    
    v=spf1 include:sendgrid.net ~all
    
    
    Verification details:
    
    dig +short TXT em2643.theaudiencer.com :
    u3581770.wl021.sendgrid.net.
    "v=spf1 include:sendgrid.net ~all"
    dig +short TXT @u3581770.wl021.sendgrid.net. em2643.theaudiencer.com :
    spfquery --scope mfrom --id bounces+3581770-9f50-test-os43a=mail-tester.com@em2643.theaudiencer.com --ip 167.89.100.130 --helo-id o2.3nn.shared.sendgrid.net :
    pass
    em2643.theaudiencer.com: Sender is authorized to use 'bounces+3581770-9f50-test-os43a=mail-tester.com@em2643.theaudiencer.com' in 'mfrom' identity (mechanism 'include:sendgrid.net' matched)
    em2643.theaudiencer.com: Sender is authorized to use 'bounces+3581770-9f50-test-os43a=mail-tester.com@em2643.theaudiencer.com' in 'mfrom' identity (mechanism 'include:sendgrid.net' matched)
    Received-SPF: pass (em2643.theaudiencer.com: Sender is authorized to use 'bounces+3581770-9f50-test-os43a=mail-tester.com@em2643.theaudiencer.com' in 'mfrom' identity (mechanism 'include:sendgrid.net' matched)) receiver=ns303428.ip-94-23-206.eu; identity=mailfrom; envelope-from="bounces+3581770-9f50-test-os43a=mail-tester.com@em2643.theaudiencer.com"; helo=o2.3nn.shared.sendgrid.net; client-ip=167.89.100.130
    Here is DKIM from Mail-Tester:

    Code:
    DomainKeys Identified Mail (DKIM) is a method for associating a domain name to an email message, thereby allowing a person, role, or organization to claim some responsibility for the message.
    The DKIM signature of your message is:
    
        v=1;
        a=rsa-sha256;
        c=relaxed/relaxed;
        d=theaudiencer.com;
        h=content-type:from:mime-version:reply-to:subject:to;
        s=s1;
        bh=+lNtgQwhLOjoOa9H8lz87q8TKK8QF3jpv6L9tr3ozLs=;
        b=p7yFbh2dzLUV7H1wjiDu6Bs6W32IJU31WLVwI/Z7Z9HZFqg6k87bYMNNaMGW1ywgo3dBcvz3/KzDdLyt9SvSINCUJ13yb+J8QTGJ8Nkjab/O51SWYYqjXzGDblNBWiszRXSXXqnxQyhwG1EDmDEpefkN1jLStgX4LHPx7UayJCw=
    Your public key is:
    
    "k=rsa;
    t=s;
    p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC46FFAPxKS0a+lNrMs/HxEgCWS8PCTU4XxLbgEiB8ow5pceOd6l63NQDwzosY2UOML57N2PchkdbCyHydcTEgb09cCOubCXr3JoyjVNy0hDC+mF+0187OSEk2NYIFtl0n5NpNNcQduPPEbjiiWBNYURYU5W2AcM9Oag42pdkxrHwIDAQAB"
    Key length: 1024bits
    And here is DMARC from Mail-Tester:

    Code:
    A DMARC policy allows a sender to indicate that their emails are protected by SPF and/or DKIM, and give instruction if neither of those authentication methods passes. Please be sure you have a DKIM and SPF set before using DMARC.
    You are not allowed to send a message with this address
    
    DMARC DNS entry found for the domain _dmarc.theaudiencer.com:
    
    "\"v=DMARC1; p=reject; rua=mailto:reports@theaudiencer.com; ruf=mailto:reports@theaudiencer.com; sp=reject; aspf=s; adkim=s; ri=86400\""
    Verification details:
    
    mail-tester.com; dkim=pass (1024-bit key; unprotected) header.d=theaudiencer.com header.i=@theaudiencer.com header.b=p7yFbh2d; dkim-atps=neutral
    mail-tester.com; dmarc=permerror header.from=theaudiencer.com
    mail-tester.com; dkim=pass (1024-bit key; unprotected) header.d=theaudiencer.com header.i=@theaudiencer.com header.b=p7yFbh2d; dkim-atps=neutral
    From Domain: theaudiencer.com
    DKIM Domain: theaudiencer.com
    Any help is greatly appreciated as this is driving me nuts.
     
  2. Ali Akbar

    Ali Akbar New Member

    Joined:
    Jun 8, 2019
    Messages:
    2
    Likes Received:
    1
    S.E:
    2019-12-05 09:47:20
    L.T:
    Regular
    L.C:
    1
    I solved it.
    Basically DMARC policy can't be in double quotes.
    That was the reason for DMARC failure.
     
    twisted1919 likes this.

Share This Page