/ Register

Welcome to Centmin Mod Community
Register Now

Email Free Weekly DMARC Email Reports for Your Domain from Postmark

Discussion in 'Domains, DNS, Email & SSL Certificates' started by deltahf, Apr 12, 2016.

Tags:
Previous Thread Next Thread
Loading...
  1. Apr 12, 2016 #1
    deltahf

    deltahf Premium Member Premium Member

    595
    270
    63
    Jun 8, 2014
    Ratings:
    +500
    Local Time:
    3:21 AM
    I've found a neat tool from Postmark which collects DMARC reports about emails sent from your domain by email providers, and sends you a weekly email summarizing what it finds. It's a very interesting way to find out if your domain is being abused - I was shocked to find that over 2,000 emails have been sent from my domain via unauthorized sources in the past week. :eek:

    Check it out here: DMARC Weekly Digests by Postmark
     
  2. Apr 12, 2016 #2
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    5:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Agreed been using Postmark's DMARC services for ages now :D
     
  3. Apr 13, 2016 #3
    deltahf

    deltahf Premium Member Premium Member

    595
    270
    63
    Jun 8, 2014
    Ratings:
    +500
    Local Time:
    3:21 AM
    What are the typical failed percentages in your weekly reports?

    My first report seems high (19% failure).
     
  4. Apr 13, 2016 #4
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    5:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    I get between 0-20% failure/untrusted sources across 200+ domain hostnames.

    You're probably interpreting untrusted sources/failures incorrectly. A bit more about untrusted sources/failures DMARC Untrusted Sources - Postmark Help

     
  5. Apr 13, 2016 #5
    deltahf

    deltahf Premium Member Premium Member

    595
    270
    63
    Jun 8, 2014
    Ratings:
    +500
    Local Time:
    3:21 AM
    Yeah, I read that page. I guess these are just messages from my domain being forwarded or relayed elsewhere, but it caught my attention because many of the mail servers were from India, Brazil, and Mexico - none of which are particularly heavy traffic countries for my website - and made me suspect spam.
     
  6. Apr 13, 2016 #6
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    5:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    make sure your dns is setup properly too. I had one of my domains with alot of failure/untrusted sources and it turns out the parked domain had the wrong DNS A record IP set. After I moved servers, I forgot to update that parked domain's DNS A record IP address. So SPF/DKIM checks when they looked up the A record IP it was resolving to incorrect server IP :whistle:
     
  7. Apr 19, 2016 #7
    deltahf

    deltahf Premium Member Premium Member

    595
    270
    63
    Jun 8, 2014
    Ratings:
    +500
    Local Time:
    3:21 AM
    Some odd domains in my "untrusted sources" report this week...
    Code:
    spectacularsunset.net
chunkyplatform.com
limitedmeans.com
culturalevent.net
celebreationfeaturing.net
surroundingtribal.com
    o_O
     
  8. Apr 19, 2016 #8
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    5:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    heh .. yeah I got a hand full too - probably investigate later on when I have more free time. Working out my plans for DDOS protection for the forums :)
     
  9. Apr 6, 2017 #9
    BamaStangGuy

    BamaStangGuy Active Member

    669
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    2:21 AM
    Glad I found this. I setup a DMARC for each domain a month or so ago and have been looking at them manually.
     
  10. Apr 10, 2017 #10
    BamaStangGuy

    BamaStangGuy Active Member

    669
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    2:21 AM
    Got my first one today:

    Screenshot 2017-04-10 04.35.22.png
     
  11. Apr 10, 2017 #11
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    5:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    nice. small volume for me :)

    upload_2017-4-10_21-55-17.png
     
  12. Apr 10, 2017 #12
    BamaStangGuy

    BamaStangGuy Active Member

    669
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    2:21 AM
    It actually was helpful. One of our sites was missing an SPF record but still had its DKIM setup properly.
     
  13. Apr 10, 2017 #13
    eva2000

    eva2000 Administrator Staff Member

    58,894
    12,490
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +19,122
    Local Time:
    5:21 PM
    Nginx 1.31.x
    MariaDB 10.x/11.4+/12.3+
    Yeah DMARC reports have helped me troubleshoot setups too :)
     
  14. Apr 11, 2017 #14
    buik

    buik “The best traveler is one without a camera.”

    2,044
    527
    113
    Apr 29, 2016
    Flanders
    Ratings:
    +1,691
    Local Time:
    9:21 AM
    This is serious business :) and a serious mail volume.
    As you are using centminmod and regularly ask for advice on this forum.
    A donation to @eva2000 seems logical and justified to me.
    My two cents;)
     
  15. Apr 11, 2017 #15
    BamaStangGuy

    BamaStangGuy Active Member

    669
    192
    43
    May 25, 2014
    Ratings:
    +272
    Local Time:
    2:21 AM
    Who says I haven't? Thanks for the unsolicited advice on what to do with my money though.
     
  16. Dec 14, 2019 #16
    EckyBrazzz

    EckyBrazzz Active Member

    917
    190
    43
    Mar 28, 2018
    >>>>Click here<<<< i'm nearby......
    Ratings:
    +363
    Local Time:
    4:21 AM
    Latest
    Latest
    ok. 0,02$, but it's expensive to transfer only 0,02$ from Brasil to Brisbaine.
     
  17. Jul 7, 2024 #17
    MaximilianKohler

    MaximilianKohler Member

    214
    9
    18
    Jun 23, 2023
    Ratings:
    +39
    Local Time:
    12:21 AM
    I learned recently that Cloudflare has it too. I'll try Postmark to see how it compares.
     
  18. Jun 17, 2025 #18
    MaximilianKohler

    MaximilianKohler Member

    214
    9
    18
    Jun 23, 2023
    Ratings:
    +39
    Local Time:
    12:21 AM
    For a long time, my Postmark DMARC stats were 100% pass. For one of my domains, it still is.

    But for one domain, I started getting a fairly high failure volume for the "Your sources -- These are sources that we know belong to you based on the DNS checks we do". Specifically, for Google.

    DMARC 01.JPG
    DMARC 02.JPG

    I contacted Google, and they said everything is set up correctly and I should ignore 3rd party services.

    I checked Cloudflare and it showed similar percentages of pass/fail. Cloudflare gives more detail than Postmark though. I see that the "Envelop from: domain" is not mine for a bunch of them. IE:
    Code:
    kxynn.liderazgopastoral.org
voldertpa.tech
smpn3cisauk.sch.id
sdrnsmic.in
tirtoproject2.site
trakmukmuk-2.site
    I know people can spoof my domain, but I didn't know they can spoof being sent from Google IPs.

    I had previously set my DMARC policy to "reject", and switched it to "quarantine" because I thought legitimate emails weren't getting through. But now that it seems that it's an issue with the DMARC report, I think I'll switch it back to "reject" to stop these phishing attempts.

    Because of how bad spam filters are, I have to tell people to whitelist our domain, which results in "quarantine" being useless: There needs to be a protest of the 0.3% email spam filter limit of Gmail, Yahoo, and Outlook
     
Previous Thread Next Thread
Loading...

.