Follow

I set up ProtonMail to use my personal domain and now I keep getting dmarc reports every time I send an email to someone using Gmail.

They’re coming from noreply-dmarc-support@google.com

Anyone know how to stop this?

@shahaan Check your DNS. dmarc email is set via the email in the DNS record. mxtoolbox.com/dmarc.aspx might be able to help you track that down

@chris

Right, thanks for this.

I’ve set dmarc policy tag to ‘none’ as I’m evaluating whether my emails are being received without problems. And I’ve got my email address at the rua tag.

From what I’ve read, if I set the policy tag to quarantine or reject, then it will notify me only if someone attempts to spoof my email address, fails the dmarc test and the message is quarantined or rejected by the receiver.

Is this right or am I misunderstanding something?

@shahaan Double check the docs as, frankly, I haven't tweaked this for anything in a while but that does sound correct.

@shahaan You will get aggregate reports to the rua address even if all mails pass.

“This information includes data about messages that passed DMARC authentication as well as those that did not.”¹

If you only want failure reports, delete the rua tag and add a ruf tag.

¹ https://tools.ietf.org/html/rfc7489#section-7.2 ² https://tools.ietf.org/html/rfc7489#section-7.3

@chris

@tastytea

Okay, I’ve removed the rua tag and changed it to ruf and fo

Hopefully this should work. Thanks again for the help.

@chris

@shahaan These reports are only sent if you put your email address in the DMARC DNS record¹,². Deleting the rua and ruf tags will prevent them, but you won’t know when DMARC verification fails.

You can also tweak the ri tag² to change the interval for aggregate reports.

¹ https://en.wikipedia.org/wiki/DMARC#DNS_record ² https://tools.ietf.org/html/rfc7489#section-6.3

@tastytea Thanks for the info. Right now I’ve got the dmarc policy tag set to none. I’m receiving reports saying dmarc passed. Instead, I would prefer to only be notified if dmarc fails. I’ll try changing the policy tag to quarantine and see if I stop receiving dmarc passed notifications.

@shahaan You can stop it by removing your email address from the DMARC DNS record but that's probably not the answer you're looking for. ;)

@sindastra It’s not ;)

I want reports, but only in case of dmarc test failure.

@shahaan Isn't there a rule so it reports violations? 🤔 Maybe if you set it to none but still specify an email, then it's up for interpretation by Google and they just send reports? You could of course just block their email. 🤪

@sindastra seems replacing rua tag with ruf and fo tags should now provide only failure reports. Also changed p tag to quarantine instead of none

Sign in to participate in the conversation
Mastodon

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!