

Quarantined Messages / Authentication failure / DMARC

Hello Sophos Email friends,

I'm struggling with the quarantine because there are lots of emails quarantined by "Authentication failure / DMARC".

As an example I have an email that is OK and that looks pretty good, but it's quarantined by DMARC.

The sending server is OK: https://mxtoolbox.com/SuperTool.aspx?action=mx%3akaffee-partner.de&run=toolpage 

SPF is OK: https://mxtoolbox.com/SuperTool.aspx?action=spf%3akaffee-partner.de&run=toolpage

DMARC is set, but no policy is activated, so it should be OK: https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3akaffee-partner.de&run=toolpage 

The mail header shows

Authentication-Results: mx-01-eu-central-1.prod.hydra.sophos.com; spf=none smtp.helo=mail2.kaffee-partner.de; dkim=none; dmarc=fail (recordpolicy=none) header.from=kaffee-partner.de

How can I get more information about why the mail was quarantined by DMARC policy?

Best regards

Tino



  •   Thank you for posting in the Community.
    Can you please provide a screenshot of the DMARC policy setting within the Sophos Email? 
    Also, I can see that the mail headers show "SPF=none", but when I check with the SPF checker, the domain does have an SPF record and has a "-all". Was it added after the fact? 
    The behavior you have seen may have failed because DMARC takes both SPF and DKIM results as its main consideration. So it's not just about the DMARC records involved here but SPF and DKIM. It seems strange that it shows "SPF=none", though, when there is an SPF record.
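
The Authentication-Results header quoted in the question, taken apart as an added example (not part of the original thread and not Sophos code). It applies the DMARC rule that SPF or DKIM must both pass and align with `header.from`, and shows that the SPF result is reported for the `smtp.helo` identity (`mail2.kaffee-partner.de`) rather than for `kaffee-partner.de`. Assumptions: the parser is a simplified reading of the RFC 8601 syntax, and `org_domain` takes the last two labels instead of consulting the Public Suffix List.

```python
import re

# Header value copied from the question above.
HEADER = ("mx-01-eu-central-1.prod.hydra.sophos.com; spf=none "
          "smtp.helo=mail2.kaffee-partner.de; dkim=none; "
          "dmarc=fail (recordpolicy=none) header.from=kaffee-partner.de")

def parse_authres(value):
    """Split an Authentication-Results value into {method: {...}} (simplified)."""
    authserv, *parts = [p.strip() for p in value.split(";")]
    results = {}
    for part in parts:
        if not part:
            continue
        comment = re.search(r"\(([^)]*)\)", part)
        tokens = re.sub(r"\([^)]*\)", " ", part).split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        results[method.lower()] = {"result": result.lower(), "props": props,
                                   "comment": comment.group(1) if comment else ""}
    return authserv, results

def org_domain(name):
    # Assumption: organizational domain = last two labels. Real DMARC
    # implementations use the Public Suffix List instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def explain_dmarc(value):
    """Return (verdict, reasons): SPF or DKIM must pass AND align with header.from."""
    _, res = parse_authres(value)
    from_dom = res.get("dmarc", {}).get("props", {}).get("header.from", "")
    reasons, aligned_pass = [], False
    # SPF alignment uses MAIL FROM, falling back to HELO; DKIM uses the d= domain.
    for method, keys in (("spf", ("smtp.mailfrom", "smtp.helo")), ("dkim", ("header.d",))):
        entry = res.get(method, {"result": "none", "props": {}})
        ident = next((f"{k}={entry['props'][k]}" for k in keys if k in entry["props"]),
                     "no identity")
        dom = ident.partition("=")[2].rpartition("@")[2]
        aligned = bool(dom) and org_domain(dom) == org_domain(from_dom)
        aligned_pass |= entry["result"] == "pass" and aligned
        reasons.append(f"{method}={entry['result']} ({ident}, aligned={aligned})")
    return ("pass" if aligned_pass else "fail"), reasons

if __name__ == "__main__":
    verdict, reasons = explain_dmarc(HEADER)
    print("computed dmarc:", verdict)
    print("\n".join(reasons))
```

For the quoted header neither method returns `pass`, so the computed result is `fail` even though the HELO name aligns with the From domain; the `recordpolicy=none` comment is available as `parse_authres(HEADER)[1]["dmarc"]["comment"]`.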
