Troubleshooting failed email from DMARC


DMARC is basically a validation system for incoming email. It checks that the domain of the From email address matches the domain the message is actually being sent through. If the domains don’t match, the email fails the DMARC check.


Covered in this article:

What is DMARC

How to fix the email failed from DMARC


What is DMARC


DMARC stands for domain-based message authentication, reporting, and conformance. It is a protocol that uses SPF and DKIM to determine the authenticity of an email, giving domain owners the ability to protect their domain from unauthorized use.


DMARC provides instructions to receiving servers about how to handle incoming mail. In order to get delivered, messages need to pass DKIM and SPF alignment checks according to the requirements set by the DMARC policy. Messages that do not pass DMARC checks can be rejected, reported back to the domain owner, or placed in the spam folder.


Implementing a DMARC policy on your domain can help protect you from spoofing, limiting your brand’s and recipients' exposure to potentially fraudulent and harmful messages.

 

How to fix the email failed from DMARC


LC email system has two types of sending domains.


1. Shared sending domain: 

When you switched to LC email system or not configured your own mailgun / SMTP all your email will be sent through LC shared domain mg.msgsndr.net and mg.msgsndr.org


DMARC is not required to send emails from the shared domains on LeadConnector email system. 



The error message says:

"The domain in your from address (kate@gohighlevel.com) has a p=reject DMARC policy. Without a dedicated sending domain configured, most inbox providers will reject your messages, resulting in elevated bounces. To avoid elevated bounces, use company emails."


Your actual DMARC record is: v=DMARC1; p=reject"


To fix the issue, Temporarily change your DMARC record with your DNS to have a p=none policy


The DMARC error message above has a p=reject or p=quarantine. This will prevent emails that fail DMARC to be sent to the Inbox folder. To make sure messages are delivered even if DMARC fails, you will want to change the policy in your DMARC to p=none with your DNS provider. Moving to a more relaxed policy is not recommended so this change should be temporary.

2. Dedicated sending domain

In order to be DMARC compliant, you need to connect a dedicated sending domain to your account that matches the domain in your sender email address (i.e. your from address). For example, if you send an email using kate@gohighlevel.com as the from-address and gohighlevel.com is protected by DMARC, your account will need to use a dedicated sending domain like mg.gohighlevel.com to meet DMARC requirements.