Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Quarantined Messages / Authentication failure / DMARC

Hello Sophos Email friends,

I'm struggling with the quarantine because there are lots of emails quarantined by "Authentication failure / DMARC".

As an example I have an email that is OK and that looks pretty good, but it's quarantined by DMARC.

The sending server is OK: https://mxtoolbox.com/SuperTool.aspx?action=mx%3akaffee-partner.de&run=toolpage 

SPF is OK: https://mxtoolbox.com/SuperTool.aspx?action=spf%3akaffee-partner.de&run=toolpage

DMARC is set, but no policy is activated, so it should be OK: https://mxtoolbox.com/SuperTool.aspx?action=dmarc%3akaffee-partner.de&run=toolpage 

The mail header shows

Authentication-Results: mx-01-eu-central-1.prod.hydra.sophos.com; spf=none smtp.helo=mail2.kaffee-partner.de; dkim=none; dmarc=fail (recordpolicy=none) header.from=kaffee-partner.de

How can I get more informations why the mail was quarantined by DMARC policy?

Best regards

Tino



This thread was automatically locked due to age.
Parents Reply Children
  •  
    Perhaps the SPF record was not present when the DMARC failed where SPF and DKIM = none.  
    Can the issue be replicated again now?
    If it can be replicated again, then this is definitely not how SPF result should show since there is indeed an SPF record. 
    This is why I asked earlier "Also, I can see that the mail headers show that "SPF=none" but when I check at the SPF checker, the domain does have an SPF record and have a "-all". Was it added after the fact? "