mugnipper For my domain donotreply.jr0.de I get from time to time an report domain email, with subjects like this:
That’s a DMARC report. It’s expected if you added a DMARC DNS record. Basically if SPF or DKIM checks fail, and the recipient’s email server supports DMARC, it’ll send an email with a report, and can either quarantine or reject the email depending on how you configure the policy. Since your DMARC policy contains
p=reject, you’re telling the recipient server to reject any emails that fail these checks.
The report you attached has this:
which means that both checks failed for the sender IP
126.96.36.199. It looks like you don’t even have an SPF record for
donotreply.jr0.de, yet your DMARC configuration says to reject emails that fail the checks, which is a nonsensical configuration (as all emails will fail the checks) . You should fix your DKIM and SPF configuration, and disable DMARC for now.
I’d strongly recommend changing your DMARC record from
p=none, so that no action is taken on emails that fail the checks. Monitor the reports for a while, and once everything looks good, then you can use
You should create a separate mailbox for DMARC reports so they don’t fill your main mailbox. You can use parsedmarc to parse the reports, or use a hosted service like dmarcian or Mailhardener.