Score:1

I set up DMARC p=reject on server but now I can't send via Gmail to Gmail (using server email From address)

Did I shoot myself in the foot?

I mainly use Gmail to send and receive emails. Support etc. My default 'send email as' profile is not the Gmail address itself but an address on my server (also the Reply-to address). Example: "My Name <[email protected]>"

On my server I have SPF and DKIM set up optimally because I send out 'bulk' emails from time to time to my user base (after I update my software).

SPF includes Gmail (+include:_spf.google.com)

All this has been working fine for years. Yesterday I also set up DMARC to make sure people can't impersonate me via email. There was no DMARC record before yesterday. I set my DMARC policy to reject (p=reject) to avoid spoofing etc.

Today I sent out a few emails (via Gmail) to other Gmail addresses and they bounced because of the policy. Weirdly enough, emails to hotmail.com (for instance) arrived (I checked with the receivers). I sent an email (via Gmail) to https://www.learndmarc.com/ (generated email address for testing) where the issue was confirmed.

I wonder what to do best?

  • Remove DMARC again?
  • Keep DMARC but change the policy to relaxed (p=none)
  • Set up Gmail to send via my server's SMTP

Ideally there would be a fourth option (that I don't know about) that keeps things as they are but somehow 'improves' DMARC to still p=reject yet accept Gmail as sender somehow?

Your input appreciated

anx
Send a message to a service that will let you share the results and *quote* that [in your question](https://serverfault.com/posts/1117008/edit). We do not know why your mails are failing. If you did not publish any policy before, setting the policy back to `p=none` is as safe as your previous configuration (though still subject to caching; recommend lowering TTL on that record to something in the order of magnitude of hours, not days).
Score:1

As of Dec 2022, adding "Send mail as" addresses to personal Gmail accounts seems to only support external SMTP servers, so that probably is the best solution. This way you can control everything regardless of how Gmail sets up their SPF & DKIM.

If you really wish to send mail directly from Gmail, you have to check & ensure that

  1. either SPF protecting the envelope sender or DKIM protecting headers passes (ideally both)
  2. the passing mechanism is aligned with the organizational domain used in the From header, i.e.,
    • for SPF, the domain of the envelope sender address matches
    • for DKIM, the d= domain of the signature matches.
Peter
Indeed, that is what I ended up doing. PS. since I set up DMARC I find that a lot of forwarders screw things up as well. Like people who have set up their Hotmail to forward email to a different email address. These often bounce now (if I'm lucky enough to get a bounce msg) because (for instance) lots of servers only check SPF and not DKIM. It's a hornet's nest.
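
The two conditions listed in the answer above (a mechanism passes, and its domain aligns with the From header domain), as an added example that is not part of the original thread. It evaluates an Authentication-Results header value; the header strings and domains are constructed, and the organizational domain is approximated as the last two labels (an assumption; real evaluators use the Public Suffix List).

```python
import re

def org_domain(domain):
    # Assumption: last two labels. Real evaluators use the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def is_aligned(auth_domain, from_domain, mode):
    # mode "s" = strict (exact match), "r" = relaxed (same organizational domain)
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def dmarc_verdict(auth_results, from_domain, aspf="r", adkim="r"):
    """Return (dmarc_pass, notes) for one Authentication-Results header value."""
    notes, dmarc_pass = [], False
    cleaned = re.sub(r"\([^)]*\)", "", auth_results)  # drop header comments
    for clause in cleaned.split(";"):
        tokens = clause.split()
        if not tokens or "=" not in tokens[0]:
            continue  # authserv-id or empty clause
        method, result = tokens[0].lower().split("=", 1)
        props = dict(t.lower().split("=", 1) for t in tokens[1:] if "=" in t)
        if method == "spf":     # SPF authenticates the envelope sender domain
            ident, mode = props.get("smtp.mailfrom", "").rsplit("@", 1)[-1], aspf
        elif method == "dkim":  # DKIM authenticates the signature's d= domain
            ident, mode = props.get("header.d", ""), adkim
        else:
            continue
        align = bool(ident) and is_aligned(ident, from_domain, mode)
        notes.append(f"{method}={result} domain={ident or '?'} aligned={align}")
        dmarc_pass = dmarc_pass or (result == "pass" and align)
    return dmarc_pass, notes

# Constructed header values (not taken from the thread).
THIRD_PARTY = ("mx.receiver.example; spf=pass (sender IP permitted) "
               "smtp.mailfrom=user@mailprovider.example; "
               "dkim=pass header.d=mailprovider.example")
OWN_SMTP = ("mx.receiver.example; spf=pass smtp.mailfrom=bounce@mail.example.com; "
            "dkim=fail header.d=example.com")
FORWARDED = ("mx.receiver.example; spf=fail smtp.mailfrom=bounce@example.com; "
             "dkim=pass header.d=example.com")

if __name__ == "__main__":
    for name, hdr in [("third-party", THIRD_PARTY), ("own SMTP", OWN_SMTP),
                      ("forwarded", FORWARDED)]:
        ok, notes = dmarc_verdict(hdr, "example.com")
        print(name, "PASS" if ok else "FAIL", notes)
```

In the first case both mechanisms pass but neither domain aligns with the From domain, so DMARC fails; in the other two a single aligned pass is enough.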