Can you post the e-mail headers for the recipient in an example like you gave in the video? In particular the header values "Return-Path" and "From". After running the verification and authorization process in MailChimp, I'm curious if the domain name in the header records "Return-Path" and "From" are the same. I'm asking because messages from MailChimp are passing SPF and DKIM according to the e-mail message headers, but the DMARC reports the raw DKIM and SPF records pass, but the SPF-DMARC has a "fail-unaligned" failure.
SPF-DMARC "fail-unaligned" typically means that the SPF record is incorrect. Your SPF record should have include:servers.mcsv.net (which it probably does). Mailchimp is known to have issues with their servers.mcsv.net, which is why they want you to use ?all rather than -all or ~all.
@@globalcyberalliance27Interesting. From en.wikipedia.org/wiki/Sender_Policy_Framework, " ? for a NEUTRAL result interpreted like NONE (no policy). ". The way I interpret that is " ?all" effectively neutralizes SPF. And since you only have a single "all" parameter for your SPF record, it affects everything you send, not just MailChimp. Am I understanding that correctly?
the smtp rewrites usually break the ARC. "smtpmail.from" is a bounce address from a different domain and the transition to you "own" sender ends up with DKIM=pass, SPF=pass but DMARC=fail. MailChimp support asks to add mcsv.net to the SPF record, since it was DKIM only (which in theory is sufficient for DMARC=pass). Let's see if that helps. Sad thing, if your SPF record is nested and has 10 DNS lookups, so you can't add another domain.
Doesn't seem to work when the dmarc record specifies "quarantine" or "reject" for me. Domain is authenticated in Mailchimp. Followed all the instructions exactly. I'm even using Godaddy's DNS like in the video. Still getting put in dmarc jail.
Thanks, this solved my dmarc problem because of inserting 2 separate SPF records, instead of combining them.
Thank you, short and straight to the point. I realized that I had my DKIM and SPF records already setup :)
You have added the SPF and DKIM record but not the DMARC record or am I wrong here ?
Can you post the e-mail headers for the recipient in an example like you gave in the video? In particular the header values "Return-Path" and "From". After running the verification and authorization process in MailChimp, I'm curious if the domain name in the header records "Return-Path" and "From" are the same. I'm asking because messages from MailChimp are passing SPF and DKIM according to the e-mail message headers, but the DMARC reports the raw DKIM and SPF records pass, but the SPF-DMARC has a "fail-unaligned" failure.
SPF-DMARC "fail-unaligned" typically means that the SPF record is incorrect. Your SPF record should have include:servers.mcsv.net (which it probably does). Mailchimp is known to have issues with their servers.mcsv.net, which is why they want you to use ?all rather than -all or ~all.
@@globalcyberalliance27Interesting. From en.wikipedia.org/wiki/Sender_Policy_Framework, " ? for a NEUTRAL result interpreted like NONE (no policy). ". The way I interpret that is " ?all" effectively neutralizes SPF. And since you only have a single "all" parameter for your SPF record, it affects everything you send, not just MailChimp. Am I understanding that correctly?
the smtp rewrites usually break the ARC. "smtpmail.from" is a bounce address from a different domain and the transition to you "own" sender ends up with DKIM=pass, SPF=pass but DMARC=fail. MailChimp support asks to add mcsv.net to the SPF record, since it was DKIM only (which in theory is sufficient for DMARC=pass). Let's see if that helps. Sad thing, if your SPF record is nested and has 10 DNS lookups, so you can't add another domain.
Doesn't seem to work when the dmarc record specifies "quarantine" or "reject" for me. Domain is authenticated in Mailchimp. Followed all the instructions exactly. I'm even using Godaddy's DNS like in the video. Still getting put in dmarc jail.
Oh no! Jail is never good. If you contact us at gca-dmarc@globalcyberalliance.org we can help look into it.
Try and test it with www.mail-tester.com
Weren't you supposed to show how to make DMARC work with MailChimp? You didn't setup DMARC in this video.
Thanks, Man!
This information is way out of date and inaccurate.