on 29-06-2022 15:32
Hi,
Can anyone help me with a 'DMARC validation failed' mail delivery errors please?
Our email set-up is a little bit complicated. We have a domain, email and webhosting with another provider, but the mailboxes are very small (only 2 GB). So we have set-up email aliases and forward our emails to our virgin media email address, as the mailbox accounts are larger. Unfortunately in recent months we have been getting lots of emails rejected and a bounce back (Mail delivery failed: returning message to sender) to our provider from Virgin media for ‘DMARC validation failed’. Is there anything I can do to stop this and get my emails through? I’ve added some of the email addresses to my address book on virgin media, but that hadn’t resolved this issue. We have a DMARC policy set against our domain, which I’m told is correct.
This is an example
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error.
The following address failed:
[MOD EDIT: Email address removed]
SMTP error from remote server for TEXT command, host: hostname.net (IP address) reason: 554 5.2.0 MXIN603 DMARC validation failed. ;id=6TapoS1QdxIyN6TaqoAXot;sid=
6TapoS1QdxIyN;mta=mx8.tb;dt=2022-06-29T11:02:41+02:00;ipsrc=IP address;
Many thanks.
Answered! Go to Answer
on 30-06-2022 21:14
Email forwarding to another email service is a nasty way to run your own domain, I always recommend either running your own mail server or paying for a professional hosting service.
The thig with DMARC is it's a way for the original sender to do te following
Validate the mail
Provide instructions to receiving email servers what to do if mail validation fails.
It should also be noted that DMARC is does not work alone, it is used in conjunction with.
SPF - Which validates the IP address of the sending domain
DKIM - Which signs the mail and also validates that it has not been tampered with.
consider I send you an email. My server is based at 51.68.196.229 (Note to mods, please leave the address as is)
If I send a mail directly to your Virgin Media email address from my ravenstar68.co.uk, it will pass on SPF when my outbound system connects to Virgin Media's inbound mail exchanger when VM checks the IP address.
Lets assume I send it to your personal domain instead.
When it hits the mail forwarder it's your mail forwarder that's talking to VM's mail exchanger. So because it's being sent from a different IP address it will fail SPF.
This means that unless the sender is using DKIM as well then the mail will fail DMARC validation
Note as well that there are some circumstances where a mail will fail DKIM (if the forwarding server alters the mail body or parts of the headers).
It would be nice to check the sending domain's information but if they have set up a DMARC p=reject policy then this is why VM are bouncing the mail.
If you drop me a PM with an example of the bounced email including all the headers (unaltered), I can check it for you.
Note however that I am not a VM employee. I am a VIP, which means we've provenn ourselves to VM in the past, however you still might chose to think twice..
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
on 29-06-2022 18:04
@JulieD1 my apologies but I’m not 100% clear on the details of this but are you saying that when you send emails out, some of them bounce back to you?
If so then is the sending email address domain your own personal domain name, ie julied1@my.own.domain.name.org
ie is that the address you expect replies to be sent to, and if so, in whatever email application you are using, is it set to use the VM servers for outbound SMTP email or the server details from your domain host?
John
on 30-06-2022 13:58
on 30-06-2022 21:14
Email forwarding to another email service is a nasty way to run your own domain, I always recommend either running your own mail server or paying for a professional hosting service.
The thig with DMARC is it's a way for the original sender to do te following
Validate the mail
Provide instructions to receiving email servers what to do if mail validation fails.
It should also be noted that DMARC is does not work alone, it is used in conjunction with.
SPF - Which validates the IP address of the sending domain
DKIM - Which signs the mail and also validates that it has not been tampered with.
consider I send you an email. My server is based at 51.68.196.229 (Note to mods, please leave the address as is)
If I send a mail directly to your Virgin Media email address from my ravenstar68.co.uk, it will pass on SPF when my outbound system connects to Virgin Media's inbound mail exchanger when VM checks the IP address.
Lets assume I send it to your personal domain instead.
When it hits the mail forwarder it's your mail forwarder that's talking to VM's mail exchanger. So because it's being sent from a different IP address it will fail SPF.
This means that unless the sender is using DKIM as well then the mail will fail DMARC validation
Note as well that there are some circumstances where a mail will fail DKIM (if the forwarding server alters the mail body or parts of the headers).
It would be nice to check the sending domain's information but if they have set up a DMARC p=reject policy then this is why VM are bouncing the mail.
If you drop me a PM with an example of the bounced email including all the headers (unaltered), I can check it for you.
Note however that I am not a VM employee. I am a VIP, which means we've provenn ourselves to VM in the past, however you still might chose to think twice..
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
on 30-06-2022 22:09
PS alternatively if you PM me your domain email, I could send a test mail instead. If it bounces I should be able to exaine the bounce
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
on 04-07-2022 15:59
Hi Tim,
That's kind of what I thought was the issue, so there is no fixing it. We just need to move our email to a professional hosting service.
Thanks for your help.
on 05-07-2022 19:53
Hi JulieD1 thanks for posting and welcome back to our community.
It does look like you've received the answer to your posts from our fantastic community members. Remember, if you ever need assistance in the future, our fantastic community and forum team are always willing to lend a hand. Also if you ever have issues with your Virgin Media services, our website offers lots of advice and can answer many questions. And you can manage your account from here.
Regards
Lee_R
on 05-07-2022 20:03
@JulieD1 wrote:Hi Tim,
That's kind of what I thought was the issue, so there is no fixing it. We just need to move our email to a professional hosting service.
Thanks for your help.
I’m afraid so yes, if you are running any sort of business, then this stuff needs to be done properly, otherwise, as you have found, all sorts of apparently oddball stuff happens.
Now I say oddball, but there really is a good reason for doing it, and ultimately any ISP wants to protect their systems and users as far as possible and if you happen to be collateral damage in it, well sorry but tough!
Look at migrating your business email system to either Microsoft or Google, probably will cost you a bit more but at least these companies do actually have a proper setup.
on 08-07-2022 13:14
DMARC is more about email domain owners protecting their brand, ISP's or rather ESP's (email service providers) are expected to comply with a sending domains DMARC policies should a mail fail authentication checks.
You sent me a PM sking which is the best hosting provider, the answer is I have no particular preferences.
You can use GSuite or Microsoft 365 for business, or any other hosting provider (note: some registrars will let you set up an account through them, but typically there is no need.
Alternatively you could purchase a VPS and set up Ubuntu linux on it and run Mail in a box. Once it's p and running it does everything DNS, mail transport and webmail.
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks
08-07-2022 13:41 - edited 08-07-2022 13:44
my linux is almost nonexistent, but I've looked up Mail in a box and that's a great idea - thanks. It might be fun to have a mail server to play with again.
Julie