Dmarc Report from google

mugnipper

Hi,

I am using mailcow dockerized on a self hosted server.

For my domain donotreply.jr0.de I get from time to time an report domain email, with subjects like this:

Report domain: donotreply.jr0.de Submitter: google.com Report-ID: 1012634954563157833

With an xml-file inside looking like this( I attached the xml file ):

googlecomdonotreplyjr0de16161984001616284799.xml

2kB

For my other domains I don’t get this kind of e-mails, and every mail send from this domain to google is rejected with the message:

host
gmail-smtp-in.l.google.com[2a00:1450:400c:c0c::1b] said: 550-5.7.1
[2a03:4000:53:e8a:94c8:29ff:fe91:5e82 19] Our system has detected
550-5.7.1 that this message is likely suspicious due to the very low
reputation 550-5.7.1 of the sending domain. To best protect our users from
spam, the 550-5.7.1 message has been blocked. Please visit 550 5.7.1
https://support.google.com/mail/answer/188131 for more information.
h14si1072327wml.179 - gsmtp (in reply to end of DATA command)

The DNS Entries for this domain are:

_dmarc.donotreply.jr0.de TXT v=DMARC1; p=reject; rua=mailto:admin@rottmann-moebel.de
donotreply.jr0.de MX 1 mail.jr0.de
donotreply.jr0.de TXT v=spf1 a mx _all

I don’t get what I did wrong, can someone help me?

Thanks!
Regards,
mugnipper

mugnipper

I now added an DNS-Entry: donotreply.jr0.de.report.dmarc.rottmann-moebel.de TXT v=DMARC1, perhaps that was it?

Dan

mugnipper For my domain donotreply.jr0.de I get from time to time an report domain email, with subjects like this:

That’s a DMARC report. It’s expected if you added a DMARC DNS record. Basically if SPF or DKIM checks fail, and the recipient’s email server supports DMARC, it’ll send an email with a report, and can either quarantine or reject the email depending on how you configure the policy. Since your DMARC policy contains p=reject, you’re telling the recipient server to reject any emails that fail these checks.

The report you attached has this:

<row>
<source_ip>202.61.244.232</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>reject</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>

which means that both checks failed for the sender IP 202.61.244.232. It looks like you don’t even have an SPF record for donotreply.jr0.de, yet your DMARC configuration says to reject emails that fail the checks, which is a nonsensical configuration (as all emails will fail the checks) . You should fix your DKIM and SPF configuration, and disable DMARC for now.

I’d strongly recommend changing your DMARC record from p=reject to p=none, so that no action is taken on emails that fail the checks. Monitor the reports for a while, and once everything looks good, then you can use p=reject or p=quarantine.

You should create a separate mailbox for DMARC reports so they don’t fill your main mailbox. You can use parsedmarc to parse the reports, or use a hosted service like dmarcian or Mailhardener.