
DMARC - The Contact Us Nightmare!

DMARC - How is it a contact us nightmare?

Just about every website has a contact us form, so if you have one, pay attention. If you don't know what DMARC is, then read up on it here: DMARC Information
It simply stands for "Domain-based Message Authentication, Reporting & Conformance". It's an email authentication protocol that prevents fraudulent emails from being sent on your behalf. Suppose a potential customer uses an address such as "johndoe@example.com", whose domain has a DMARC policy set, and he goes to your contact us page and tries to contact you. If your MTA (mail server) spam filter has DMARC enabled, it will reject the message.

WHOA, Why is it rejecting the message?

Let's take, for example, some very common code written in PHP that most websites use on their contact us form. This applies to every programming language.

// The visitor's own address is used as both the From header and the Return-path
$from="From: $name<$email>\r\nReturn-path: $email";
$subject="Message sent using your contact form";
mail("you@yoursite.com", $subject, $message, $from);

If you already figured it out, good for you. If you haven't, let's DMARC on. A visitor comes to your website and wants to ask a question about something you're selling. They click your "Contact Us" form, type in their name, email, and message, and hit send. Your website then connects to your mail server and sends an email using the person's email as the FROM address. This visitor's ESP (Email Service Provider) has DMARC turned on with a p=reject policy, and your ESP also has DMARC turned on. Your ESP sees that the mail claiming to be from visitor@hisesp.com was not actually sent by the visitor's ESP and rejects the email.

Uh Oooo, you just lost out on a potential customer or contact.

True story, that's what I did, I went to a company's website and used their contact us form to email them a question about something they were selling. A few minutes later I received this.

XXXXXX@gmail.com host gmail-smtp-in.l.google.com [2a00:1450:4013:c01::1a] SMTP error from remote mail server after end of data:
550-5.7.1 Unauthenticated email from unlocktheinbox.com is not accepted due to
550-5.7.1 domain's DMARC policy. Please contact administrator of unlocktheinbox
550-5.7.1 .com domain if this was a legitimate mail. Please visit
550-5.7.1 https://support.google.com/mail/answer/2451690 to learn about DMARC
550 5.7.1 initiative. by8si8516828wjb.40 - gsmtp

I was shocked, this company just lost a sale. They have no idea that GMAIL is honoring my DMARC record. A lot of people assume things just magically work. Setting up, configuring, and understanding how email works is important. So test your email configuration and setup by sending an email to "mailtest@unlocktheinbox.com"

So how do we fix this?

It's very simple: the From and Return-path should be your email address, and you should put the customer's email address in the subject line, the body of the message, or the Reply-To field. This way the message comes from you and not the customer, and you pass all email authentication checks, including SPF and DMARC.
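
The fix described above, as an added example (not the original site's or the author's code): From and the envelope sender stay on your own domain, and the visitor's address goes only in Reply-To and the body. The addresses, function names and the `-f` envelope-sender option (which assumes a sendmail-compatible MTA) are assumptions for illustration.

```php
<?php
// Added example. Placeholder addresses: use mailboxes on your own domain,
// covered by your own SPF/DKIM setup.
const SITE_FROM = 'webform@yoursite.com';
const SITE_TO   = 'you@yoursite.com';

/**
 * Build headers so that From stays on the site's domain and the visitor
 * appears only in Reply-To. Returns null if the visitor's address is invalid.
 */
function build_contact_headers(string $name, string $email): ?array
{
    // Rejects malformed addresses, including ones with embedded line breaks.
    $email = filter_var(trim($email), FILTER_VALIDATE_EMAIL);
    if ($email === false) {
        return null;
    }
    // Drop control characters (CR/LF included) and display-name specials so
    // form input cannot add or alter headers.
    $name = trim((string) preg_replace('/[\x00-\x1F\x7F"<>\\\\]/', '', $name));

    return [
        'From'     => 'Website contact form <' . SITE_FROM . '>',
        'Reply-To' => $name === '' ? $email : '"' . $name . '" <' . $email . '>',
    ];
}

function send_contact_mail(string $name, string $email, string $message): bool
{
    $headers = build_contact_headers($name, $email);
    if ($headers === null) {
        return false; // show a validation error to the visitor instead
    }
    $subject = 'Message sent using your contact form';
    // The visitor's details also go in the body, where DMARC does not look.
    $body = "Visitor: $name <$email>\r\n\r\n" . wordwrap($message, 70, "\r\n");

    // "-f" sets the envelope sender (what becomes Return-Path) to your address.
    return mail(SITE_TO, $subject, $body, $headers, '-f' . SITE_FROM);
}

// Constructed sample input: replying in your mail client goes to the visitor.
// send_contact_mail('John Doe', 'johndoe@example.com', 'Is this item in stock?');
```

Hitting reply in your mail client then addresses the visitor through Reply-To, while DMARC is evaluated against your domain in From.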

Source: Unlock The Inbox

Copyright © 2019 Unlock The Inbox