your friend and mine, DMARC
-
I have a couple of domains for which I have Google running email.
Cloudron creates DMARC records as well as DKIM / SPF for this.
If I delete the DMARC then Google will send again.
How can I configure Cloudron to a) either enable Google sending or b) not keep recreating the DMARC record?
-
It's been a while since I've used the DNS APIs in Cloudron as I mostly use wildcard now, but I don't believe I ever saw Cloudron override an existing DNS entry; it would just create them if they didn't exist and update them if the server IP changed. I'm not sure I noticed any _dmarc DNS conflicts. If it's something that the Cloudron DNS integration doesn't allow for, though, then I suspect you'll need to switch to the wildcard DNS method instead so you have more control.
-
@bmann said in your friend and mine, DMARC:
I don't have a DMARC entry
Sounds to me like if you were to add one for Gmail that'd resolve your issue long-term.
-
@bmann By default, Cloudron will add "v=DMARC1; p=reject; pct=100". This entry means that emails that don't follow SPF and DKIM should all be 100% rejected.
- Cloudron will only add the DMARC record if it's absent.
- Cloudron will only add the DMARC record if you press the 'Sync DNS' button manually. OR you enable/disable email for the domain. There is no cron job to periodically add DNS entries.
With the above in mind:
- You should always have a DMARC record for your domain. Any reason why you don't have any?
- Maybe Google is missing in your SPF, and this is why it's not working? Have you done https://support.google.com/a/answer/10684623?hl=en already?
-
@girish I flipped from wildcard to Let’s Encrypt Prod, so I suspect that’s when it got re-added.
I have an SPF record (Cloudron added it and then I added Google to the entry - although it looks like _spf.google.com is a new domain, I will add this).
Is there anything else Google-specific that should be in a DMARC entry?
I’ve never had a DMARC entry and never had any issues. If I add one, I can’t send via Gmail.
I’ll try a few things. Thanks.
-
@bmann you can just set a relaxed DMARC like in https://support.google.com/a/answer/10032473?hl=en . Something like "v=DMARC1; p=none; rua=mailto:dmarc@solarmora.com". This will ensure at least that mails are not getting rejected because of DMARC. I would still double check though why Google thinks it cannot send emails for your domain. Have you set up DKIM for Google - https://support.google.com/a/answer/180504?hl=en ?
-
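An added example, not part of any post in this thread and not Cloudron's code: a static check of the two DMARC records quoted above against an SPF record, reporting what has to be fixed before Google can send under an enforcing policy. The SPF values and `my.example.com` are constructed placeholders, and the check only inspects the records; it does not evaluate SPF/DKIM alignment on real messages.

```python
# Sample records: the two DMARC values are quoted in the thread, the SPF values are constructed.
CLOUDRON_DEFAULT = "v=DMARC1; p=reject; pct=100"
RELAXED = "v=DMARC1; p=none; rua=mailto:dmarc@solarmora.com"
SPF_CLOUDRON_ONLY = "v=spf1 a:my.example.com ~all"
SPF_WITH_GOOGLE = "v=spf1 a:my.example.com include:_spf.google.com ~all"


def parse_dmarc(record):
    """Parse a DMARC TXT value into its policy-relevant fields."""
    tags = {}
    for part in record.strip().strip('"').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1":
        raise ValueError("not a DMARC record: %r" % record)
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        raise ValueError("missing or invalid p= tag: %r" % record)
    pct = int(tags.get("pct", "100"))  # pct defaults to 100 when absent
    rua = [u.strip() for u in tags.get("rua", "").split(",") if u.strip()]
    return {"policy": policy, "pct": pct, "rua": rua,
            "enforcing": policy != "none" and pct > 0}


def spf_includes(record, domain):
    """True if the SPF record authorizes `domain` through an include: mechanism."""
    terms = record.strip().strip('"').lower().split()
    if not terms or terms[0] != "v=spf1":
        raise ValueError("not an SPF record: %r" % record)
    return any(t.lstrip("+") == "include:" + domain.lower() for t in terms[1:])


def diagnose(dmarc_record, spf_record, provider_include="_spf.google.com"):
    """List findings for a domain that sends through a third-party provider."""
    dmarc = parse_dmarc(dmarc_record)
    spf_ok = spf_includes(spf_record, provider_include)
    findings = []
    if not spf_ok:
        findings.append("SPF lacks include:" + provider_include)
    if dmarc["enforcing"] and not spf_ok:
        findings.append("p=%s applies unless the provider's DKIM signature aligns"
                        % dmarc["policy"])
    if not dmarc["rua"]:
        findings.append("no rua= address, so no aggregate reports are delivered")
    return findings


if __name__ == "__main__":
    for dmarc, spf in [(CLOUDRON_DEFAULT, SPF_CLOUDRON_ONLY), (RELAXED, SPF_WITH_GOOGLE)]:
        print(dmarc, "|", spf, "->", diagnose(dmarc, spf) or "no findings")
```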