cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
1,351 Views
Message 1 of 5

Emails being quarantined due to failing DMARC, DKIM and SPF

I'm a sysadmin at where I work and just sent an email to my work account to test the system.

It was quarantined due to failing DMARC and DKIM, with a soft fail on SPF.

Has anything changed in the background system?

0 Ratings
Reply
4 REPLIES 4
1,339 Views
Message 2 of 5

Re: Emails being quarantined due to failing DMARC, DKIM and SPF

Tested from Outlook 2021 (fully up to date) and webmail console.  This is the result in our Defender console in Intune.

jezbod_0-1714123644065.png

 

0 Ratings
Reply
1,319 Views
Message 3 of 5

Re: Emails being quarantined due to failing DMARC, DKIM and SPF

After getting access to the full report, it looks like it detected my BT Internet email and my work email as too similar, and classed it as user impersonation.

I'm still wondering why it fails the DMARC, DKIM and SPF tests.

0 Ratings
Reply
1,282 Views
Message 4 of 5

Re: Emails being quarantined due to failing DMARC, DKIM and SPF

I experienced this problem mid morning.  I was just emailing an online store enquiry point address.  The non delivery report from the destination server was as follows:

Access denied, sending domain btinternet.com does not pass DMARC verification and has a DMARC policy of reject

This suggests SPF/DKIM was failing on my outbound message and that must be BT's fault as we have no control over that.  The destination server was then acting correctly against BT's published DMARC policy by rejecting the message. 

I have since sent a test message from my btinternet mailbox to a gmail mailbox I also have.  That arrived OK and when I examined the headers,  SPF/DKIM/DMARC are fine on that message. 

I also checked btinternet.com on the MXTOOLBOX site:

SPF check - comes back OK.  

v=spf1 include:_spf.btinternet.com include:bt.com ~all

DKIM check - using the following selector btinternet.com:btmx201904 returns the BT public key OK.

DMARC check - comes back OK

v=DMARC1; p=reject; sp=reject; pct=100; fo=1; rua=mailto:dmarcagg@btinternet.com; ruf=mailto:dmarcf@btinternet.com;

So whatever it was, isn't there now.  A blip in the BT email world this morning perhaps? 

0 Ratings
Reply
1,263 Views
Message 5 of 5

Re: Emails being quarantined due to failing DMARC, DKIM and SPF

Could be, all of mine that failed were from IP 195.130.217.221

This include an email from Google mail last night, which just had a SPF soft fail, DMARC and  DKIM were ok.

EDIT:  Ignore the IP address, it's our final link in the mail filtering system we use.

0 Ratings
Reply