
Question Emails being deleted by DMARC

Sep B.

New Pleskian
Server operating system version: Ubuntu 20.04.6
Plesk version and microupdate number: 18.0.59 #2
Hi there,

I have a question regarding DMARC and I was hoping someone more knowledgeable could point me in the right direction.
We have noticed that lately, a few emails are being deleted by Plesk as soon as they are added to their inbox.

Initially, we thought it was due to the "Warden Anti-spam and Virus Protection" plugin we added to one of the servers. After we checked everything in the logs as well as with their support, we narrowed it down as being an issue with our DMARC settings. I went through everything and for the life of me can't figure out why the emails are being deleted and not just quarantined in the SPAM folder as per Plesk's settings.

In the attached picture, in the "dmarc" log it shows that the policy is to reject, but looking through all our settings, we have everything to "quarantine".
I know the emails are coming from a genuine source. We can see them pop up in the inbox for a second (we receive the notifications of the email coming in from our desktop email software) but then they are instantly removed without a trace, not even placed in the spam or deleted folder.

Could someone give me some insight into this issue and how I could fix it?
 

Attachments: deleted-email-steps.png, DMARC settings.png, DNS Settings.png
I checked all domains in the email chain and attached pictures below.
All domains have been changed to protect our customers, but in essence:
> mailsrv.com is the mail server they used to send to us
> xxxxxxxxxx.gov.uk is supposed to be the main domain they sent from
> random-domain.com is the domain we host on our end

As a side note, I know the email is legitimate as my client does engage with this part of the government at least 2-3 times a month and they send these emails automatically for certain reports or notifications. Also, I noticed the other emails that have this same issue are from public services which use an umbrella type of website service. An example would be school-x.service-name.com is the main domain/service that handles their CRM/Email/etc. services but the public is redirected to the school-x.com domain which is the public-facing website.

Looking now at their top domain DMARC settings, I kinda understand that Plesk just follows their DMARC settings and might just automatically delete the email as it doesn't show as coming from a confirmed source, but is there a way to prevent Plesk from doing it and just put the email in the spam folder for example?
 

Attachments: DMARC-result-receiving-domain.png, gov-domain-dmarc.png, sending-mail-server.png
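
An added example, not part of the original posts and not Plesk's code: a minimal DMARC evaluation showing that the policy evaluated for an inbound message is the one published by the From domain (here xxxxxxxxxx.gov.uk), not the receiving domain's own record. The `p=reject` record text and the SPF/DKIM results for mailsrv.com are assumptions (the real values are only in the screenshots), and the hard-coded suffix set stands in for the Public Suffix List.

```python
# Added example; records and auth results are constructed, not from the thread's logs.
# Assumption: this tiny suffix set stands in for the real Public Suffix List.
SUFFIXES = {"com", "uk", "gov.uk"}

def org_domain(domain):
    """Organizational domain: the longest known public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def parse_dmarc(record):
    """Split 'v=DMARC1; p=reject; ...' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags

def aligned(from_domain, auth_domain, mode):
    """mode 's' needs an exact match; 'r' (the default) needs the same org domain."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def evaluate(from_domain, org_record, spf_pass=None, dkim_pass=()):
    """Return (DMARC result, policy requested by the From domain's owner).

    org_record is the TXT record at _dmarc.<organizational domain>;
    spf_pass / dkim_pass are the domains that passed SPF and DKIM.
    """
    tags = parse_dmarc(org_record)
    spf_ok = spf_pass is not None and aligned(from_domain, spf_pass, tags.get("aspf", "r"))
    dkim_ok = any(aligned(from_domain, d, tags.get("adkim", "r")) for d in dkim_pass)
    if spf_ok or dkim_ok:
        return ("pass", None)
    # sp= overrides p= only when the From domain is a subdomain
    is_subdomain = from_domain.lower() != org_domain(from_domain)
    policy = tags.get("sp", tags["p"]) if is_subdomain else tags["p"]
    return ("fail", policy.lower())

if __name__ == "__main__":
    # Mail with From: xxxxxxxxxx.gov.uk, authenticated only as mailsrv.com
    print(evaluate("xxxxxxxxxx.gov.uk", "v=DMARC1; p=reject",
                   spf_pass="mailsrv.com", dkim_pass=["mailsrv.com"]))
```

A DKIM signature with `d=` set to the From domain (or an aligned SPF domain) is enough to turn the result into a pass, which is the fix that has to happen on the sending side.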
I was thinking the same once I looked at the source config.
I guess I have to inform my client of this and they can deal with their contact and have it fixed on their end. For now, I'll just whitelist their domains and remove them after a few days.
 
> I was thinking the same once I looked at the source config.
> I guess I have to inform my client of this and they can deal with their contact and have it fixed on their end. For now, I'll just whitelist their domains and remove them after a few days.
This happened to one of my clients early last year with a major international airline. I did exactly the same, temporarily whitelisting.
 