This is an automated archive.
The original was posted on /r/sysadmin by /u/icechris on 2024-01-23 09:49:10+00:00.
We've recently set up SPF, DKIM and DMARC on our emails but we're experiencing issues with certain things failing.
We have Google Workspace with two domains linked (abc and xyz). Both domains have SPF, DKIM and DMARC set up on their relevant domains.
I tried testing them out using and the following seems to happen:
Email from abc passes all checks. This is the domain that is the primary on Workspace.
Email from xyz passes DKIM and DMARC but fails on SPF because it shows the abc domain instead.
Is this because it's using the primary domain for the SPF on both cases? As our primary domain is our older address while we generally use the xyz domain as our publicly advertised address.
We're getting lots of DMARC fails then flagged up on the analysis tool we have access to due to this.
Google advised updating the DMARC to include a dmarc-reports@domain in the rua field which I've added now but it is still showing as a failure on SPF within DMARC.
The analysis tool is showing the failures are predominately where Google is posing as us and sending emails like Google Groups and forwarding etc.
Abc:
Xyz:
Any ideas how we can solve this so we can move our DMARC to q or r instead of none?