2

I am trying to get the DKIM and SPF settings correct for a client who uses both GSuite and WordPress to send her emails.

I added this dmarc: v=DMARC1; p=none; rua=mailto:l***@******ney.com; fo=1; adkim=r; aspf=r;

(when I set the p to quarantine everything went to spam)

I added a google domain key v=DKIM1

And I added this spf that was supposed to be a catchall for google but doesn't seem to be working:

v=spf1 mx a include:_spf.google.com ~all

But the spf was still failing so I started adding ip addresses ... but it still fails.

Then this morning I got a report from google where the policy_evaluated failed for both DKIM and SPF ... but the auth_results PASSED for both.

I'm totally shooting in the dark here. Can someone please tell me what I'm doing wrong?

Improve this question
5
  • Does the <header_from> domain in the <identifiers> section match the domain for the <dkim> and / or <spf> domains in the <auth_results> section? The <policy_evaluated> lists whether the tests passed and the domains are aligned with the header_from domain.
    – Reinto
    Commented Aug 31, 2022 at 16:15
  • No the dkim is fw-mail.com and the spf is x.fw-mail.com. What do I need to do?
    – OM4U
    Commented Sep 2, 2022 at 20:35
  • The server / system sending the emails is not using your domain to prove it is authorized to send on behalf of your email domain (in the FROM header). DKIM has a tag in its header d= which indicates for which domain it is signing. SPF domain is checked on the bounce / envelope address (Return-Path header). As long as neither of those is aligned with your FROM header domain, you will not pass DMARC.
    – Reinto
    Commented Sep 4, 2022 at 11:40
  • Ok so ... I selected google for my DKIM because that's who is sending the emails ... but I'm also using aweber for bulk emails and an email responder from inside wordpress. So how do I account for those differences? I think this is what is causing the problem.
    – OM4U
    Commented Sep 6, 2022 at 16:37
  • 1
    You need a DKIM public key published in DNS for each party sending on your behalf. Aweber has some documentation online how to configure a custom domain and the record you need to publish. I'm not sure about how to do that for you WP responder. DKIM records look like: v=DKIM1; p=[PlatformPubKey] and optionally k=rsa, published at selectorname._domainkey.yourdomain.com
    – Reinto
    Commented Sep 16, 2022 at 7:51

0

Reset to default

You must log in to answer this question.

Browse other questions tagged .