DMARC & SPF Fail

infusionmail.com is authorized to send on behalf of my domain, however, it looks like SPF is still failing DMARC’s alignment test. DMARC looks at the Return-Path of a message to make sure the domain there matches the domain in your From address. If the Return-Path path doesn’t match the From address, those messages will fail DMARC’s SPF alignment test.

“Return-Path: mailer@infusionmail.com

Anyone had this issue? IS standard reply is that it is my problem but after 30 minutes of re-education they understand the problem and have informed me that the return path cannot be adjusted. This is not being prioritised as an issue because chat support is giving misguided advice i.e. “go speak with your provider”. All of the online tests for DMARC and SPF for my domain have passed but it looks like some do not test for the return path. It is very confusing but I would like to eliminate it as a possible cause of email rejection.

Everyone we’ve setup with DKIM/SPF/DMARC have not had any issues so if you can provide the domain name in question I might be able to at least spot anything from the server records they are tied to.

Hi John,

lostpetfinders.com.au. Hopefully you can see something. The report is run through postmarc.

Thanks

Hi @Tony_Ryder,

So I can’t check DKIM at the moment (it works differently than through public records like SPF/DMARC) but this is what any ESP will see when they check incoming emails from your domain name:

I’m not certain that the email format in your DMARC record is supported (with the + sign for formatting)…just something to check. p=none is fine which essentially just makes sure that the dmarc record exists in case an ESP requires it’s presence to continue accepting emails…that’s not at all uncommon.

I see you are also using mailgun and google… we have a client that has the exact same details (mailgun, google and Infusionsoft). We’ve found that using that many (but especially mailgun) has been causing them deliverability issues. Particularly in their case, however, mailgun incorrectly reported hard bounces to about 20% of their list even though Infusionsoft sent to their list and hit the inbox as well, in all but three of the “bounced” emails from mailgun. This affected their domain reputation to boot. You may also be reaching your DNS reverse lookup limit (which is normally 10 for most ESP services). You have no less than 8 at the moment but could be more depending on your other server record setup.

Also, as you’ve indicated you’re reporting from Postmark, can you verify that you’ve configured your txt/cname records for them as well? Just want to be sure where the results originate from and rule out that they are informing you that they are not setup correctly?

Thanks John,

The Mailgun reputation can be a concern if you do not have a dedicated IP with them. The deliverability reports look fine. Postmarc is also reporting fine so the “+” is working. I only have a TXT entry fro Postmarc as per their instructions: v=DMARC1; p=none; rua=mailto:re+satoh6hchyv@dmarc.postmarkapp.com; ruf=mailto:re+satoh6hchyv@dmarc.postmarkapp.com

Thank you for the feedback regarding the DNS lookup. I will investigate. Are the lookups the TXT entries?

Without going too far off topic, my main concern is that the emails may be failing because the Return-Path path doesn’t match the From address. This is causing the SPF record to fail in the Postmarc report. I have no clue as to whether this “Fail” is a concern or not for email deliverability?