This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantined Messages / Authentication failure / DMARC

Hello Sophos Email friends,

I'm struggling with the quarantine because there are lots of emails quarantined by "Authentication failure / DMARC".

As an example I have an email that is OK and that looks pretty good, but it's quarantined by DMARC.

The sending server is OK: 

SPF is OK:

DMARC is set, but no policy is activated, so it should be OK: 

The mail header shows

Authentication-Results:; spf=none; dkim=none; dmarc=fail (recordpolicy=none)

How can I get more informations why the mail was quarantined by DMARC policy?

Best regards


This thread was automatically locked due to age.
  •   Thank you for posting in the Community.
    Can you please provide a screenshot of the DMARC policy setting within the Sophos Email? 
    Also, I can see that the mail headers show that "SPF=none" but when I check at the SPF checker, the domain does have an SPF record and have a "-all". Was it added after the fact? 
    The behavior you have seen may have failed because DMARC takes both SPF and DKIM results as its main consideration. So its just not about DMARC records involved here but SPF and DKIM. It seems strange that the "SPF=none" though when there is an SPF record.

  •   Upon further testing, I think I can replicate your issue. Here's the result on my lab:
    Authentication-Results:; spf=none; dkim=none; dmarc=fail (recordpolicy=none)

    From the looks of it, this is an expected behavior. AND I would say that it is because DMARC depends on the SPF and DKIM results. So if the domain takes part on DMARC, then they should also have SPF and DKIM entries.
    IF you do not agree with this behavior from the Sophos Email DMARC checking, then a workaround would be to create a different policy to apply for the external domain which does not have DMARC checking enabled.
    Another is you can get a Technical Support case created to confirm if this is indeed the expected behavior from our DMARC checking. 

  • I've sent an test email again and the mail header is still

    Authentication-Results:; spf=none; dkim=none; dmarc=fail (recordpolicy=none)
    Received-SPF: none; client-ip=; envelope-from=<>;;

  • Generelly I'd aggree, but the DMARC policy of the domain is "none".

    So it's like there's no DMARC record.

    Or are I'm wrong? Stuck out tongue winking eye

Reply Children
No Data