Question Emails being deleted by DMARC

[Sep B.]

Server operating system version

Ubuntu 20.04.6

Plesk version and microupdate number

18.0.59 #2

Hi there,

I have a question regarding DMARC and I was hoping someone more knowledgeable could point me in the right direction.
We have noticed that lately, a few emails are being deleted by Plesk as soon as they are added to their inbox.

Initially, we thought it was due to the "Warden Anti-spam and Virus Protection" plugin we added to one of the servers. After we checked everything in the logs as well as with their support, we narrowed it down as being an issue with our DMARC settings. I went through everything and can't find it for the life of me can't figure out why the emails are being deleted and not just quarantined in the SPAM folder as per Plesk's settings.

In the attached picture, in the "dmarc" log it shows that the policy is to reject, but looking through all our settings, we have everything to "quarantine".
I know the emails are coming from a genuine source. We can see them pop up in the inbox for a second (we receive the notifications of the email coming in from our desktop email software) but then they are instantly removed without a trace, not even placed in the spam or deleted folder.

Could someone give me some insight into this issue and how I could fix it?

 

[scsa20]

The DNS record you're showing is for the template, but what is the actual DNS record like? You can use mxtoolbox for this as mxtoolbox is super useful for troubleshooting email related issues

DMARC Check Tool - Domain Message Authentication Reporting & Conformance Lookup - MxToolBox is the tool for checking DMARC DNS records.

 

[Sep B.]

I checked all domains in the email chain and attached pictures below.
All domains have been changed to protect our customers, but in essence:
> mailsrv.com is the mail server they used to send to us
> xxxxxxxxxx.gov.uk is supposed to be the main domain they sent from
> random-domain.com is the domain we host on our end

As a side note, I know the email is legitimate as my client does engage with this part of the government at least 2-3 times a month and they send these emails automatically for certain reports or notifications. Also, I noticed the other emails that have this same issue are from public services which use an umbrella type of website service. An example would be school-x.service-name.com is the main domain/service that handles their CRM/Email/etc. services but the public is redirected to the school-x.com domain which is the public-facing website.

Looking now at their top domain DMARC settings, I kinda understand that Plesk just follows their DMARC settings and might just automatically delete the email as it doesn't show as coming from a confirmed source, but is there a way to prevent Plesk from doing it and just put the email in the spam folder for example?

 

[JVG]

Hi,

I think it might be because the reject policy is set on the source domain, not the one hosted in Plesk.

If source domain policy is reject and for some reason the source mailserver is not properly configured it can lead to this error. If this is so, you could exclude the source domain from being check: https://support.plesk.com/hc/en-us/...-a-domain-from-DMARC-check-in-Plesk-for-Linux

 

[Sep B.]

I was thinking the same once I looked at the source config.
I guess I have to inform my client of this and they can deal with their contact and have it fixed on their end. For now, I'll just whitelist their domains and remove them after a few days.

 

[JVG]

I was thinking the same once I looked at the source config.
I guess I have to inform my client of this and they can deal with their contact and have it fixed on their end. For now, I'll just whitelist their domains and remove them after a few days.

This happened to one of my clients early last year with a major international airline. I did exactly the same, temporarily whitelisting.