DMARC record not found by Spam mail-tester.com ?

Hi,

Can you reply back with the URL to the spam-tester results?

Thanks!

Perhaps DNS TTL is playing games with you.

Your configuration appears to be fine : https://www.dmarcian.com/dmarc-inspector/marsinval.fr

Hello, thank you for your answers and apologies for the direct reply Adrian !

After waiting a day to enable DNS changes to take effect, the Mail-Tester returns a spotless result, confirming that all is fine.

However, the subsequent reports received from Google shows a “fail” score for DKIM and SPF, with the reason: “sampled-out”. Would you know what is still wrong ? Here is the content of the report:

<feedback>
<report_metadata>
<org_name>google.com</org_name>
<email>[email protected]</email>
<extra_contact_info>https://support.google.com/a/answer/2466580</extra_contact_info&gt;
<report_id>2193209771817606709</report_id>
<date_range>
<begin>1464739200</begin>
<end>1464825599</end>
</date_range>
</report_metadata>
<policy_published>
<domain>marsinval.fr</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>20</pct>
</policy_published>
<record>
<row>
<source_ip>46.105.46.159</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
<reason>
<type>sampled_out</type>
<comment></comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<header_from>marsinval.fr</header_from>
</identifiers>
<auth_results>
<spf>
<domain>116-prod.mail-out.ovh.net</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>

There is a consistent feedback from Yahoo:

<?xml version=”1.0″?>
<feedback>
<report_metadata>
<org_name>Yahoo! Inc.</org_name>
<email>[email protected]</email>
<report_id>1464745895.509953</report_id>
<date_range>
<begin>1464652800</begin>
<end>1464739199 </end>
</date_range>
</report_metadata>
<policy_published>
<domain>marsinval.fr</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<pct>20</pct>
</policy_published>
<record>
<row>
<source_ip>209.85.213.47</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>marsinval.fr</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>gmail.com</domain>
<result>neutral</result>
</dkim>
<spf>
<domain>gmail.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
<record>
<row>
<source_ip>209.85.213.52</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>marsinval.fr</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>gmail.com</domain>
<result>neutral</result>
</dkim>
<spf>
<domain>gmail.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>

Your lights highly appreciated ??

Thank you,
Eric.

You have pct=20 in your DMARC record, that’s the reason, your DMARC policy is only being applied to 20% of your email, the rest gets “sampled-out”
Since you have a p=none, there is actually no need for the pct parameter, set it to 100 or remove et entirely.
Br
Henrik Schack

Sorry for the delay in responding, here is the link to the Mail-Tester results:

https://www.mail-tester.com/check.php?id=wysija-bWFyc2ludmFsLmZyL3NpdGV2Mw-1464880325%40mail-tester.com&lang=fr_FR

Eric.

Thank you very much Henrik !

I’ll try that and advise.

Kind regards,
Eric.

Looking at the mail-test.com report.
Your email passes DMARC, but only because you DKIM sign it.
It isn’t DMARC SPF aligned.

Br
Henrik Schack

Thank you Henrik,

Not sure how to get a correct DMARC SPF alignment …

Here is the content of the DNS zone of my site. Is there anything that jumps out as incorrect or to change in order to fix that ?…

$TTL 86400
@ IN SOA dns10.ovh.net. tech.ovh.net. (2016060200 86400 3600 3600000 86400)
IN NS dns10.ovh.net.
IN NS ns10.ovh.net.
IN MX 1 mx1.ovh.net.
IN MX 100 mxb.ovh.net.
IN MX 5 mx2.ovh.net.
IN A 213.186.33.17
3600 IN TXT “google-site-verification=AvsFP8kOu20WHVWIPZ2IeNeaeIEGwvEjCbFza9MeYc4”
3600 IN TXT “v=spf1 include:mx.ovh.com ~all”
_dmarc IN TXT “v=DMARC1; p=none; rua=mailto:[email protected]; aspf=r”
_jabber._tcp IN CNAME _jabber._tcp.mediaplan.ovh.net.
_sip._udp IN CNAME _sip._udp.mediaplan.ovh.net.
_xmpp-client._tcp IN CNAME _xmpp-client._tcp.mediaplan.ovh.net.
_xmpp-server._tcp IN CNAME _xmpp-server._tcp.mediaplan.ovh.net.
audio IN CNAME audio.ovh.net.
forum IN A 213.186.33.17
ftp IN CNAME https://ftp.cluster006.ovh.net.
ftp2 IN CNAME anonymous.ftp.ovh.net.
imp IN CNAME imp.ovh.net.
jabber IN CNAME jab1.mediaplan.ovh.net.
mail IN CNAME ns0.ovh.net.
ox IN CNAME ox.ovh.net.
pop3 IN CNAME ns0.ovh.net.
sip IN CNAME sip1.mediaplan.ovh.net.
smtp IN CNAME ns0.ovh.net.
squirrel IN CNAME squirrel.ovh.net.
vpn IN CNAME vpn.mediaplan.ovh.net.
www IN CNAME marsinval.fr.
wys._domainkey IN TXT “v=DKIM1;s=email;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDE/jarD7aheIsfqk7HesWUxdQNr8mHiOzaWvUIZG57lWafUVGf+/98Nw9b/WqH4MErVeb1L/WjYffdz/KySirH6XPRr2X+LbOENpxvycp1VX7hMnAhTn+JMLfAH5LBuwXJAJw9IWSxLRJF5DQHPOXguLDkavvRd0vTK9DuxUUoEQIDAQ”

Kind regards,
Eric.

For email to be DMARC SPF aligned there must be a relation between the senderenvelope domain (some call it returnpath or bounceaddress) and your From: domain (that’s the visible from address)

Your senderenvelope domain is 116-prod.mail-out.ovh.net
that is not in any way related to marsinval.fr

I don’t know if ovh.com will let you modify then senderenvelope domain, if not here is another solution, use mailgun.com for outgoing email.
There is a WordPress plugin for interfacing with mailgun.
https://www.ads-software.com/plugins/mailgun/

By the way mail-test.com isn’t really a great tools when it comes to testing authentication, they have completely misunderstood how SPF works. Read more here : https://space.dmarcian.com/a-common-misconception-about-spf/

Br
Henrik Schack

Sending an email to checkmyauth at auth.returnpath.net can be used to test authentication

Thanks again Henrik !

Another tip:

Handling DMARC reports manually is time consuming and painfully complicated.
I’ve been using dmarcian.com to handle my DMARC reports for years now, I’m really happy with the features available.