Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3094
Views
0
Helpful
6
Replies

nondelivered DMARC reports

flyok
Level 1
Level 1

‎07-12-2018 04:45 AM - edited ‎03-08-2019 07:39 PM

Hi, we have a lot of undeliverabled DMARC reports (about one hundred daily). What could I do with it?

(eg. there is a DMARC record in DNS for mihanbrooz.com domain, with rua=mailto:admin@mihanbrooz.com, but there is no MX record for this domain. So our DMARC report is returned back).

Labels:
0 Helpful
6 Replies 6

svgeorgi
Cisco Employee
Cisco Employee

‎07-12-2018 11:37 AM

So why you don't change the email address in RUA to a valid one?!

0 Helpful

flyok
Level 1
Level 1
In response to svgeorgi

‎07-12-2018 11:10 PM - edited ‎07-12-2018 11:15 PM

It's not our domain :-D

I written it just only for example.

I have to rewrite my question once again to be clearly: Hi, we have a lot of returned DMARC reports (about one hundred daily) because they are undeliverables.

0 Helpful

Ken Stieers
VIP
VIP
In response to flyok

‎07-13-2018 09:52 AM

To be clear: you're getting notifications back from other domains listing mails that purport to come from you (e.g. your domain in the envelope sender header), but fail SPF (not your IPs) or DKIM (not signed with the right cert), or both, right?



Look at those files see if anything in there is supposed to be deliverable, and then fix it...

Eg. If it's a bunch of stuff from MailChimp that's failing because your Marketing team didn't tell you they're using Mailchimp for the new campaign, you need to tweak your SPF.



If it's all stuff that shouldn't be deliverable, then you know you have your stuff set up right, and can just delete these.

After a while you can change your DMARC record so that sites quit sending you reporting, if you know that your business isn't going to run out and use some cloud mailer without telling you.






0 Helpful

flyok
Level 1
Level 1
In response to Ken Stieers

‎07-15-2018 10:52 PM - edited ‎07-15-2018 10:55 PM

No :-)

I'll try to describe it again:

1. my ESA create DMARC Aggregate Report and send it according to RUA to some external domain (see. pict 1) Capture5.PNG

2. the RUA recipient doesn't exist and this report is returned back to me: Capture6.PNG

3. I have about 1 hundred such bounced emails from many different domains daily.

 

 

0 Helpful

Lemat
Level 1
Level 1

‎02-16-2021 03:43 PM

To disable sending DMARC reports go to ESA->Mail Policies->Mail Flow Policies->Default Policy Parameters and under DMARC Verification uncheck "Send aggregate feedback reports".

 

If you have "Trusted" sources you may override this setting for them (enable only for them)

0 Helpful

Lemat
Level 1
Level 1
In response to Lemat

‎02-16-2021 03:47 PM

Or you may go to System Administration->Return Addresses and set DMARC Feedback to an mail address, which delivers everything to /dev/null

0 Helpful
Customers Also Viewed These Support Documents