Hello, does anyone know about recent Google/Gmail DMARC changes?
I noticed new field "DMARC" in the "Show original" message overview and caused for the message with valid DKIM and SPF to be delivered to Spam. No such field exist in the interface for older messages, so this is something fresh.
After creating default _dmarc TXT record (with p=none currently), it was fixed.
Anyone heard something? Thank you.
EDIT: Based on older messages, that field was added 1 of May.
It looks like this started all the way back in the beginning of last year: https://www.mimecast.com/blog/guide-to-google-dmarc-setup/
This overview also shows other requirements you may have missed: https://www.proofpoint.com/us/blog/email-and-cloud-threats/g...
As for DMARC in the headers, I'm pretty sure Google has done that for years when DMARC is being checked (i.e. when it's being offered by the sending domain).
Canonical links to Google's advice: https://support.google.com/a/answer/81126 and https://support.google.com/a/answer/14229414
(and yes, this was supposed to be enforced last year)
As long as I can remember there have been 3 lines in “Show Original”: SPF, DKIM, DMRARC.
Google does have newish (early 2024) policy regarding messages purporting to be from domains which lack a DMARC policy statement. But this is about mail delivery, not the Show Original UI feature. It’s possible they have been only slowly ramping up implementation or perhaps your domain was previously under the threshold but is now over.
https://blog.google/products/gmail/gmail-security-authentica...
This should have an “Ask HN: ” prefix in the title, although that rule is not strictly enforced.
https://news.ycombinator.com/ask for other examples.
Well, thought it is added automatically, sorry about that.
Probably should be.
I've seen "DMARC: 'PASS'" on Show Original for a long time (years?).
Maybe when the record for that domain existed, it showed up even then. But I checked this for few emails older than May, and it is not there until 1st of May, where it is failing, if record does not exist.
Is this new? Some time back (a year back or so), CloudFlare pushed setting up SPF, DKIM, DMRARC the right way and I did so for a lot of my domains. That was the time I read about Google and others being more strict about email deliveries.
[deleted]