DMARC setup for subdomain

[AzzidReign]

I've noticed that a lot of my emails I send out are going to spam and have gone through all the steps with DNS changes to make it so everything is legit but I'm having a problem.

Using MX Tools, this is saying that my policy isn't enabled. I have it but it's set for my root domain which you can see here:

So it seems my problem is setting up the mail.se7ensins.com to have the DMARC policy but I'm not sure how to edit the DNS to do that and was hoping some of the smart individuals here could help. I use CloudFlare for my DNS management.

I send from the noreply[at][domainabove].com through sendy, but I believe we have it set up to send through the sub domain mail.se7ensins.com (since we are using a separate server to mask the main server IP from DDoS) before it's forwarded to SES.

What settings do I need to change in my DNS to get this working properly?

 

[m1ne]

Does mail.se7ensins.com have an SPF record? It should.
I believe you should also add a TXT record for _dmarc.mail.se7ensins.com as well.
You may also need to add these to your existing dmarc record:

adkim=r
aspf=r

This will fix alignment issues with SPF and/or DKIM.

 

[eva2000]

Using MX Tools, this is saying that my policy isn't enabled. I have it but it's set for my root domain which you can see here

DMARC, SPF, DKIM all need to be set for both root domain and mail sending hostnames. I believe you use Centmin Mod, so relevant reading https://community.centminmod.com/th...ver-email-doesnt-end-up-in-spam-inboxes.6999/

 

[AzzidReign]

You may also need to add these to your existing dmarc record:

adkim=r
aspf=r

Doesn't it default to those? If not, is that all I have to add? I was reading a document that was showing a lot more to be added with those. And where to add them? This is my line right now:

v=DMARC1; p=none; rua=mailto:aggregate@se7ensins.com; ruf=mailto:forensic@se7ensins.com; sp=none; fo=0:1:d:s;

 

[AzzidReign]

I believe you should also add a TXT record for _dmarc.mail.se7ensins.com as well.

I added this and it still is saying failed. Though...I'll wait to see if it's possibly something to do with just updating it and checking a few minutes after. We'll see.

Does mail.se7ensins.com have an SPF record? It should.

Yes it does.

 

[AzzidReign]

_dmarc.mail.se7ensins.com as well.

Just checked and this is still reporting that I do not have it. Since my sysadmin is coming back from vacation, I'll be looking more at @eva2000's solution. Hopefully that works out.

 

[eva2000]

Just checked and this is still reporting that I do not have it. Since my sysadmin is coming back from vacation, I'll be looking more at @eva2000's solution. Hopefully that works out.

see https://mxtoolbox.com/problem/dmarc...7ensins.com&showlogin=1&hidepitch=0&hidetoc=1

This Warning indicates that the DMARC record for this domain is not currently protected against phishing and spoofing threats. To resolve this Warning you will need to set a Quarantine or Reject policy on the domain's DMARC record. Setting a Quarantine or Reject value will prevent fraudsters from spoofing the domain as mail servers will Quarantine or Reject messages that fail authentication tests.

*Note: It is advised to not set a Quarantine or Reject policy until you have evaluated your DMARC reports to make sure you don't have any legitimate senders that have email delivery problems.

 

[AzzidReign]

@eva2000
Yeah, I'm trying to set it but it's not set for the subdomain. Again, will need my sysadmin to help with that. I'm "server dumb".