we are getting bounce email on our workplace how to solved

Google Workspace Developers Q&A
1

we are getting bounce email on our workplace how to solved

this response was:

550 5.7.26 Unauthenticated email from our email is not accepted due to domain’s DMARC policy. Please contact the administrator of domain if this was a legitimate mail. To learn about the DMARC initiative, go to a640c23a62f3a-a5a17bb694dsor41301666b.19 - gsmtp

2

@aosspl Check your DKIM settings and SPF & DMARC policies to make sure they are all passing. It sounds like you have one that is not working. This playbook may help explain things more: https://docs.google.com/document/d/1VD-6wBLHJOZDlsqxJDTAte-98xlrb94qx41rpVVD0O8/edit#heading=h.gk5qqegwswkg -KAM

3

The SPF/DKIM/DMARC Email Deliverability Package & Playbook offered by PCCC is a comprehensive solution aimed at improving email deliverability and combating domain spoofing. Here’s a breakdown of its components and the steps involved:

1. SPF (Sender Policy Framework):

  • SPF is a policy for your domain that specifies the mail servers or services authorized to send emails on behalf of your domain.
  • PCCC conducts a technical discovery and interview with your IT staff to identify all email sending sources, such as Raptor, Microsoft 365, Mailchimp, etc.
  • The goal is to publish an SPF “-all” record for strict enforcement, though a “~all” record may be used initially if there are uncertainties.
  • SPF focuses on the “Envelope From” domain, not the “Header From,” which can be exploited by spammers.

2. DKIM (DomainKeys Identified Mail):

  • DKIM cryptographically signs certain parts of your email, allowing recipients to verify that the email has not been modified.
  • Each service (e.g., Google Workspace, Mailchimp) requires a unique DKIM implementation.
  • Raptor Email Security can provide centralized DKIM signing for services lacking DKIM functionality.

3. DMARC (Domain-based Message Authentication, Reporting, and Conformance):

  • DMARC is a policy that instructs recipient servers on how to handle emails that fail SPF or DKIM checks.
  • Publishing a DMARC record is beneficial even if no specific policy is set, as it helps improve email hygiene.
  • PCCC includes a unique loopback test feature to monitor DKIM signature problems for up to 30 days at no extra cost.

Playbook:

  • The playbook outlines the technical discovery steps, including checking for existing SPF and DMARC records and verifying DKIM implementation.
  • An interview with the IT (and Marketing) team helps compile a list of all services sending emails for the domain.
  • Building the SPF record involves thorough research on each email service provider and peer review before publishing.
  • A DMARC record with a “p=none” policy is initially published to allow emails to pass SPF or DKIM checks.
  • DKIM implementation is carried out across all relevant providers, with centralized signing available through Raptor Email Security.
  • Testing DKIM for up to 30 days involves requesting clients to add testing addresses to their mailing lists, CRM systems, etc.
  • After evaluation, considering transitioning to stricter SPF and DMARC policies.

In summary, the SPF/DKIM/DMARC Email Deliverability Package & Playbook offers a structured approach to enhance email security, combat domain spoofing, and improve deliverability, ultimately benefiting organizations’ email communication.