Missing _Dmarc

dig -type=TXT _dmarc.chocolatedetective.co.uk ;; Warning, ignoring invalid type ype=TXT

3 Replies

With dig, you just do dig TXT _dmarc.chocolatedetective.co.uk. Alternatively, dig -t TXT _dmarc.chocolatedetective.co.uk. You have two _dmarc records there, and should kill one of them. In addition, you do not have the external authorization records required on the "web-tart.co.uk" domain, to be able to use that email address as a destination for your DMARC reports.

HPlovejetOP•7mo ago

Fantastic, thanks so much 🙂 Unfortunately Amazon SES insist "DMARC configuration was not found." but as they gave me the wrong parameters to begin with it should not be surprising!

DarkDeviL•7mo ago

They are most likely doing that because you have two _dmarc records set:

$ dig +noall +answer TXT _dmarc.chocolatedetective.co.uk
_dmarc.chocolatedetective.co.uk. 300 IN TXT     "v=DMARC1; p=none;"
_dmarc.chocolatedetective.co.uk. 300 IN TXT     "v=DMARC1; p=none; rua=mailto:[email protected],mailto:[email protected]"

$ dig +noall +answer TXT _dmarc.chocolatedetective.co.uk
_dmarc.chocolatedetective.co.uk. 300 IN TXT     "v=DMARC1; p=none;"
_dmarc.chocolatedetective.co.uk. 300 IN TXT     "v=DMARC1; p=none; rua=mailto:[email protected],mailto:[email protected]"

Kill the one that alone holds the "v=DMARC1; p=none;", and it should fix itself within some time (actual time until fix depends on Amazon SES's re-check frequency) You are also having two SPF records, which is incorrect, too:

$ dig +noall +answer TXT chocolatedetective.co.uk | grep spf
chocolatedetective.co.uk. 300   IN      TXT     "v=spf1 include:_spf.google.com ~all"
chocolatedetective.co.uk. 300   IN      TXT     "v=spf1 include:_spf.mx.cloudflare.net ~all"

$ dig +noall +answer TXT chocolatedetective.co.uk | grep spf
chocolatedetective.co.uk. 300   IN      TXT     "v=spf1 include:_spf.google.com ~all"
chocolatedetective.co.uk. 300   IN      TXT     "v=spf1 include:_spf.mx.cloudflare.net ~all"

Gaming

Programming

Missing _Dmarc