Virgin Media Virgin Media Community

JulieD1 · ‎29-06-2022

Hi,

Can anyone help me with a 'DMARC validation failed' mail delivery errors please?

Our email set-up is a little bit complicated. We have a domain, email and webhosting with another provider, but the mailboxes are very small (only 2 GB). So we have set-up email aliases and forward our emails to our virgin media email address, as the mailbox accounts are larger. Unfortunately in recent months we have been getting lots of emails rejected and a bounce back (Mail delivery failed: returning message to sender) to our provider from Virgin media for ‘DMARC validation failed’. Is there anything I can do to stop this and get my emails through? I’ve added some of the email addresses to my address book on virgin media, but that hadn’t resolved this issue. We have a DMARC policy set against our domain, which I’m told is correct.

This is an example

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. This is a permanent error.

The following address failed:

[MOD EDIT: Email address removed]

SMTP error from remote server for TEXT command, host: hostname.net (IP address) reason: 554 5.2.0 MXIN603 DMARC validation failed. ;id=6TapoS1QdxIyN6TaqoAXot;sid=

6TapoS1QdxIyN;mta=mx8.tb;dt=2022-06-29T11:02:41+02:00;ipsrc=IP address;

Many thanks.

ravenstar68 · ‎30-06-2022

Email forwarding to another email service is a nasty way to run your own domain, I always recommend either running your own mail server or paying for a professional hosting service.

The thig with DMARC is it's a way for the original sender to do te following

Validate the mail
Provide instructions to receiving email servers what to do if mail validation fails.

It should also be noted that DMARC is does not work alone, it is used in conjunction with.

SPF - Which validates the IP address of the sending domain
DKIM - Which signs the mail and also validates that it has not been tampered with.

consider I send you an email. My server is based at 51.68.196.229 (Note to mods, please leave the address as is)

If I send a mail directly to your Virgin Media email address from my ravenstar68.co.uk, it will pass on SPF when my outbound system connects to Virgin Media's inbound mail exchanger when VM checks the IP address.

Lets assume I send it to your personal domain instead.

When it hits the mail forwarder it's your mail forwarder that's talking to VM's mail exchanger. So because it's being sent from a different IP address it will fail SPF.

This means that unless the sender is using DKIM as well then the mail will fail DMARC validation

Note as well that there are some circumstances where a mail will fail DKIM (if the forwarding server alters the mail body or parts of the headers).

It would be nice to check the sending domain's information but if they have set up a DMARC p=reject policy then this is why VM are bouncing the mail.

If you drop me a PM with an example of the bounced email including all the headers (unaltered), I can check it for you.

Note however that I am not a VM employee. I am a VIP, which means we've provenn ourselves to VM in the past, however you still might chose to think twice..

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

See where this Helpful Answer was posted

jem101 · ‎29-06-2022

@JulieD1 my apologies but I’m not 100% clear on the details of this but are you saying that when you send emails out, some of them bounce back to you?

If so then is the sending email address domain your own personal domain name, ie julied1@my.own.domain.name.org

ie is that the address you expect replies to be sent to, and if so, in whatever email application you are using, is it set to use the VM servers for outbound SMTP email or the server details from your domain host?

John

JulieD1 · ‎30-06-2022

@jem101 The issue is with emails we receive. They come in to example @mydomian and we forward them to example@virginmedia . Then on Outlook we collected out emails from virgin medias mail server pop3.virginmedia.com.
Sometimes the emails that are forwarded to example@virginmedia are rejected for ‘DMARC validation failed’

ravenstar68 · ‎30-06-2022

Email forwarding to another email service is a nasty way to run your own domain, I always recommend either running your own mail server or paying for a professional hosting service.

The thig with DMARC is it's a way for the original sender to do te following

Validate the mail
Provide instructions to receiving email servers what to do if mail validation fails.

It should also be noted that DMARC is does not work alone, it is used in conjunction with.

SPF - Which validates the IP address of the sending domain
DKIM - Which signs the mail and also validates that it has not been tampered with.

consider I send you an email. My server is based at 51.68.196.229 (Note to mods, please leave the address as is)

If I send a mail directly to your Virgin Media email address from my ravenstar68.co.uk, it will pass on SPF when my outbound system connects to Virgin Media's inbound mail exchanger when VM checks the IP address.

Lets assume I send it to your personal domain instead.

When it hits the mail forwarder it's your mail forwarder that's talking to VM's mail exchanger. So because it's being sent from a different IP address it will fail SPF.

This means that unless the sender is using DKIM as well then the mail will fail DMARC validation

Note as well that there are some circumstances where a mail will fail DKIM (if the forwarding server alters the mail body or parts of the headers).

It would be nice to check the sending domain's information but if they have set up a DMARC p=reject policy then this is why VM are bouncing the mail.

If you drop me a PM with an example of the bounced email including all the headers (unaltered), I can check it for you.

Note however that I am not a VM employee. I am a VIP, which means we've provenn ourselves to VM in the past, however you still might chose to think twice..

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

ravenstar68 · ‎30-06-2022

PS alternatively if you PM me your domain email, I could send a test mail instead. If it bounces I should be able to exaine the bounce

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

JulieD1 · ‎04-07-2022

Hi Tim,

That's kind of what I thought was the issue, so there is no fixing it. We just need to move our email to a professional hosting service.

Thanks for your help.

Lee_R · ‎05-07-2022

Hi JulieD1 thanks for posting and welcome back to our community.

It does look like you've received the answer to your posts from our fantastic community members. Remember, if you ever need assistance in the future, our fantastic community and forum team are always willing to lend a hand. Also if you ever have issues with your Virgin Media services, our website offers lots of advice and can answer many questions. And you can manage your account from here.

Regards

Lee_R

jem101 · ‎05-07-2022

@JulieD1 wrote:
Hi Tim,
That's kind of what I thought was the issue, so there is no fixing it. We just need to move our email to a professional hosting service.
Thanks for your help.

I’m afraid so yes, if you are running any sort of business, then this stuff needs to be done properly, otherwise, as you have found, all sorts of apparently oddball stuff happens.

Now I say oddball, but there really is a good reason for doing it, and ultimately any ISP wants to protect their systems and users as far as possible and if you happen to be collateral damage in it, well sorry but tough!

Look at migrating your business email system to either Microsoft or Google, probably will cost you a bit more but at least these companies do actually have a proper setup.

ravenstar68 · ‎08-07-2022

@jem101

DMARC is more about email domain owners protecting their brand, ISP's or rather ESP's (email service providers) are expected to comply with a sending domains DMARC policies should a mail fail authentication checks.

@JulieD1

You sent me a PM sking which is the best hosting provider, the answer is I have no particular preferences.

You can use GSuite or Microsoft 365 for business, or any other hosting provider (note: some registrars will let you set up an account through them, but typically there is no need.

Alternatively you could purchase a VPS and set up Ubuntu linux on it and run Mail in a box. Once it's p and running it does everything DNS, mail transport and webmail.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

JulieD1 · ‎08-07-2022

my linux is almost nonexistent, but I've looked up Mail in a box and that's a great idea - thanks. It might be fun to have a mail server to play with again.

Julie