your friend and mine, DMARC
-
I have a couple of domains for which I have Google running email for.
Cloudron creates DMARC records as well as DKIM / spf for this.
If I delete the DMARC then Google will send again.
How can I configure Cloudron to a) either enable Google sending or b) not keep recreating the DMARC record?
-
It's been a while since I've used the DNS APIs in Cloudron as I mostly use wildcard now, but I don't believe I ever saw Cloudron override an existing DNS entry, it just would create them if they didn't exist and update them if the server IP changed, not sure I noticed any _dmarc DNS conflicts. If it's something that the Cloudron DNS integration doesn't allow for though then I suspect you'll need to switch to wildcard DNS method instead so you have more control.
-
It doesn't override it. I don't have a DMARC entry, and every time one gets added, I can't send from my Gmail any more. I fix it by deleting the DMARC entry
@bmann said in your friend and mine, DMARC:
I don't have a DMARC entry
Sounds to me like if you were add one for Gmail that'd resolve your issue long-term.
-
@bmann By default, Cloudron will add
"v=DMARC1; p=reject; pct=100". This entry means that emails that don't follow SPF and DKIM should all be 100% rejected.- Cloudron will only add DMARC record if it's absent .
- Cloudron will only add the DMARC record if you press the 'Sync DNS' button manually. OR you enable/disable email for the domain. There is no cron job to periodically add DNS entries.
With the above in mind:
- You should always have a DMARC record for your domain. Any reason why you don't have any?
- Maybe google is missing in your SPF, this is why it's not working? Have you done https://support.google.com/a/answer/10684623?hl=en already?
-
@bmann By default, Cloudron will add
"v=DMARC1; p=reject; pct=100". This entry means that emails that don't follow SPF and DKIM should all be 100% rejected.- Cloudron will only add DMARC record if it's absent .
- Cloudron will only add the DMARC record if you press the 'Sync DNS' button manually. OR you enable/disable email for the domain. There is no cron job to periodically add DNS entries.
With the above in mind:
- You should always have a DMARC record for your domain. Any reason why you don't have any?
- Maybe google is missing in your SPF, this is why it's not working? Have you done https://support.google.com/a/answer/10684623?hl=en already?
@girish I flipped from wildcard to Let’s Encrypt Prod, so I suspect that’s when it got re-added.
I have an spf record (Cloudron added it and then I added google to the entry - although it looks like _spf.google.com is a new domain, I will add this)
Is there anything else google specific that should be in a DMARC entry?
I’ve never had a DMARC entry and never had any issues. If I add one, I can’t send via Gmail.
I’ll try a few things. Thanks.
-
@girish I flipped from wildcard to Let’s Encrypt Prod, so I suspect that’s when it got re-added.
I have an spf record (Cloudron added it and then I added google to the entry - although it looks like _spf.google.com is a new domain, I will add this)
Is there anything else google specific that should be in a DMARC entry?
I’ve never had a DMARC entry and never had any issues. If I add one, I can’t send via Gmail.
I’ll try a few things. Thanks.
@bmann you can just set a relaxed DMARC like in https://support.google.com/a/answer/10032473?hl=en . Something like
v=DMARC1; p=none; rua=mailto:dmarc@solarmora.com. This will ensure atleast mails are not getting rejected because of DMARC. I would still double check though why Google thinks it cannot send emails for your domain. Have you set up DKIM for Google - https://support.google.com/a/answer/180504?hl=en ? -
G girish marked this topic as a question on
-
G girish has marked this topic as solved on
Hello! It looks like you're interested in this conversation, but you don't have an account yet.
Getting fed up of having to scroll through the same posts each visit? When you register for an account, you'll always come back to exactly where you were before, and choose to be notified of new replies (either via email, or push notification). You'll also be able to save bookmarks and upvote posts to show your appreciation to other community members.
With your input, this post could be even better đź’—
Register Login