Open kevindherman opened 2 years ago
Auth0 issue:
Users created new accounts from my.proudcity.com and got this error:
Removing DMARC settings fixed the error.
For the additional email issue, they provided more context:
"I can confirm I now see the DMARC record and the majority of emails from notify@proudcity.com are now passing DMARC.
I did check our quarantine and found that it looks like there is a certain subset of emails that have smtp.mailfrom set to AWS – based on the attached example it looks like it may be for a staging site and not our production one?
Quarantined email
Authentication-Results: spf=pass (sender IP is 54.240.27.116)
smtp.mailfrom=us-west-2.amazonses.com; dkim=pass (signature was verified)
header.d=amazonses.com;dmarc=fail action=quarantine
header.from=proudcity.com;compauth=fail reason=000
All other emails:
Authentication-Results: spf=pass (sender IP is 69.72.43.7)
smtp.mailfrom=proudcity.com; dkim=pass (signature was verified)"
@curtismchale when I mentioned turning this off he responded with the following which may be of use:
"I did notice you set the DMARC policy to quarantine and was a little surprised. If you set the DMARC DNS record to v=DMARC1; p=none then it will allow the emails to pass DMARC without impacting mail flow. I recommend using that to start while you review DMARC reports to understand what services are not passing DMARC before setting policy to quarantine."
@curtismchale Here's the email:
@curtismchale another recommendation from their IT:
I did notice you set the DMARC policy to quarantine and was a little surprised. If you set the DMARC DNS record to v=DMARC1; p=none then it will allow the emails to pass DMARC without impacting mail flow. I recommend using that to start while you review DMARC reports to understand what services are not passing DMARC before setting policy to quarantine.
Mike Peth
We need to make sure we add MailGun and Google so that they work. See notes here: https://proudcity.slack.com/archives/C0AH683JQ/p1670943537928629?thread_ts=1670902840.501459&cid=C0AH683JQ
Source
Is your feature request related to a problem? Please describe.
Emails from notify@proudcity.com are going into SPAM filters.
Describe the solution you'd like
Hello, I'm contacting you on behalf of City of San Rafael. We're seeing emails from notify@proudcity.com being flagged by our spam filter due to a missing DMARC DNS record for proudcity.com: https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3aproudcity.com&run=toolpage
Is it possible for you to add a default DMARC DNS record for v=DMARC1; p=none (Would not affect your mail flow at all) so incoming emails from notify@proudcity.com are passing DMARC? This missing DNS record will be affecting all proudcity.com customers and not just City of San Rafael.
Here is an example header showing that we're only seeing dmarc=bestguesspass even though it's passing SPF and DKIM alignment/authentication:
Authentication-Results: spf=pass (sender IP is 69.72.43.7) smtp.mailfrom=proudcity.com; dkim=pass (signature was verified) header.d=proudcity.com;dmarc=bestguesspass action=none header.from=proudcity.com;compauth=pass reason=109
Additional context
This was set up but then there were two separate things that came up so @curtismchale removed it.
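The quarantined header quoted in this thread passes SPF and DKIM yet fails DMARC because neither authenticated domain aligns with header.from. The Python sketch below is an added example, not code from this issue or from ProudCity: it re-derives that verdict from the two complete Authentication-Results values on this page. It assumes relaxed alignment and approximates the organizational domain as the last two labels; the function names are hypothetical.

```python
import re

# Authentication-Results values copied from the issue text (joined onto one line each).
QUARANTINED = ("spf=pass (sender IP is 54.240.27.116) smtp.mailfrom=us-west-2.amazonses.com; "
               "dkim=pass (signature was verified) header.d=amazonses.com;dmarc=fail "
               "action=quarantine header.from=proudcity.com;compauth=fail reason=000")
DELIVERED = ("spf=pass (sender IP is 69.72.43.7) smtp.mailfrom=proudcity.com; "
             "dkim=pass (signature was verified) header.d=proudcity.com;dmarc=bestguesspass "
             "action=none header.from=proudcity.com;compauth=pass reason=109")

def parse_auth_results(value):
    """Return the key=value pairs of an Authentication-Results value as a dict."""
    value = re.sub(r"\([^)]*\)", " ", value)  # drop comments such as "(sender IP is ...)"
    return {k.lower(): v.lower() for k, v in re.findall(r"([A-Za-z][\w.]*)=([^\s;]+)", value)}

def org_domain(domain):
    """Assumption: organizational domain = last two labels (real evaluators use the Public Suffix List)."""
    labels = domain.rsplit("@", 1)[-1].strip(".").split(".")
    return ".".join(labels[-2:])

def dmarc_alignment(value):
    """Re-derive the relaxed-alignment DMARC verdict from the receiver's recorded results."""
    f = parse_auth_results(value)
    from_org = org_domain(f.get("header.from", ""))

    def aligned(mechanism, domain_key):
        # A mechanism counts for DMARC only if it passed AND its domain matches the visible From domain.
        return bool(from_org) and f.get(mechanism) == "pass" and org_domain(f.get(domain_key, "")) == from_org

    spf, dkim = aligned("spf", "smtp.mailfrom"), aligned("dkim", "header.d")
    return {"from": from_org, "spf_aligned": spf, "dkim_aligned": dkim,
            "dmarc_pass": spf or dkim, "reported": f.get("dmarc")}

if __name__ == "__main__":
    for name, hdr in (("quarantined", QUARANTINED), ("delivered", DELIVERED)):
        print(name, dmarc_alignment(hdr))
```

For the Amazon SES subset to pass, either the DKIM signature's d= domain or the envelope MAIL FROM has to fall under proudcity.com.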