Menu
Reply
  • 5
  • 0
  • 0
dbaqueiro
Joining in
250 Views
Message 1 of 8
Flag for a moderator

DMARC and rDNS validation failing

Hi, 

We're trying to deliver emails to Virgin domains, as we do frequently, but today we're encountering serious issues and some errors that seem illegitimate, such as:

552 5.2.0 cfZ11u01D3iUEXE01fZ3bt DMARC validation failed with result 4.00:reject

452 4.1.0 Policy violation. Your host <ip_address> has no valid Reverse DNS. Please contact your ISP for further information.

We have verified that our IP addresses are correctly configured and our DMARC is compliant. Have sent an email to the technical team but I always get the auto-response and never a reply from a real person. Could you please contact me?

Thanks in advance.

0 Kudos
Reply
  • 13.62K
  • 720
  • 4.71K
Superuser
Superuser
226 Views
Message 2 of 8
Flag for a moderator

Re: DMARC and rDNS validation failing

I can't comment on the Reverse DNS without seeing the IP address of the mail server but I will comment on the DMARC failures as best I can given the limited information in this thread.

DMARC rejections come about through a failure of either DKIM or SPF.  While I don't work for Virgin Media myself I have investigated several DMARC rejections and found them to be legitimate.

Examples include

Someone sending mail for a DMARC domain via servers other than those specified in the SPF record. - SPF Validation fails
Someone auto forwarding mail where the forwarding service modifies the mail before sending it on it's way - DKIM validation fails.

On the latter I've been trying to get Google to look at their service because their current setup does the latter if it's configured to add a footer to the bottom of sent mails.  There is a workaround for that one, but it's clunky.

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 5
  • 0
  • 0
dbaqueiro
Joining in
211 Views
Message 3 of 8
Flag for a moderator

Re: DMARC and rDNS validation failing

Thanks Ravenstar68, 

In this case, however, we are sending a high number of messages throughout the day and only some of them are being rejected as DMARC failures. We monitor thoroughly our DMARC stats, and if there was something incorrectly configured we would also be getting rejections form other service providers that use/enforce DMARC, such as Outlook or Gmail, while we're not. The issue seems to be solved at the moment, but thanks for chiming in.

0 Kudos
Reply
  • 13.62K
  • 720
  • 4.71K
Superuser
Superuser
204 Views
Message 4 of 8
Flag for a moderator

Re: DMARC and rDNS validation failing

@dbaqueiro

No problem.  TBH without seeing the headers of a rejected mail, it's a bit hard to tell for sure what's going on.  But here's some things to look for,

What was the Envelope Sender address on the rejected mail?  Did it come from your company or has it been sent to one of your staff and then forwarded on?

If it was forwarded are you able to compare the original message with the forwarded copy?

Ravenstar68

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 5
  • 0
  • 0
dbaqueiro
Joining in
173 Views
Message 5 of 8
Flag for a moderator

Re: DMARC and rDNS validation failing

Thanks Ravenstar,

We have verified that everything is configured and being sent as expected. There are no redirects in between and this is not about a few messages bounced, but about issues happening intermittently for a few days now. My last post said that the issue seemed solved on Friday, but it happened again on Saturday. I'm willing to provide the necessary information for this to be investigated if someone from Virgin contacts me privately, I cannot disclose such details on a public forum. If I'm using this platform it's because I haven't received any human response from the email addresses I have attempted contacting.

Cheers!

0 Kudos
Reply
  • 13.62K
  • 720
  • 4.71K
Superuser
Superuser
169 Views
Message 6 of 8
Flag for a moderator

Re: DMARC and rDNS validation failing

Out of interest what is your domains current DMARC policy?  Is it p=reject?

@ModTeam - can you ask one of the ForumTeam to respond here?

Ravenstar68

Edit - with regards forwarding - I was thinking more that the mail might be sent to one of your employees and then forwarded  on to a Virgin Media address.

I've seen this:

yahoo -> oxfordcollege -> Autoforward -> Virgin Media

Virgin Media bounced the mail because Oxford College was adding a footer which invalidated Yahoo's DKIM signature.  So Virgin rejected the connection from Oxford College with a DMARC reject, not because of the Colleges DMARC policy, but because of Yahoo's.

My thinking that you could well be in the same position as Oxford College was.

________________________________________


Only use Helpful answer if your problems been solved.

0 Kudos
Reply
  • 5
  • 0
  • 0
dbaqueiro
Joining in
155 Views
Message 7 of 8
Flag for a moderator

Re: DMARC and rDNS validation failing

Thanks for pinging the Mod.

Yes, our policy is p=reject. But the issues are two, the DMARC one and the rDNS one. 

With regards to forwarding, I do understand what you mean, but that is definitely not the case.

0 Kudos
Reply
  • 12.48K
  • 353
  • 1.45K
Forum Team
Forum Team
117 Views
Message 8 of 8
Flag for a moderator

Re: DMARC and rDNS validation failing

Hi dbaqueiro,

Thank you for reporting this to us, we'll do what we can to find out what's happening here. Interestingly a few other reported email problems (involving forwarding hosts) are showing a DMARC issue though these do differ from yours slightly. But I do wonder if there's any connection.

Anyhow, I've sent you a PM (purple envelope icon, top right of page) requesting the header data. I'll keep an eye out for your reply Smiley Happy


Jen
Forum Team



0 Kudos
Reply