How can I change the value of a "DMARC FAIL" tag in Anti Spam? At the moment it is always "zero", whatever the result...

Problem reported by Gabriele Maoret - SERSIS - 2/11/2025 at 5:15 AM

Resolved

Analyzing some SPAM emails that have passed through the filters of my SmarterMail server I noticed that the DMARC filter is always set to "0", even if it fails.

Below is an example where DMARC fails, but its score is ZERO and therefore does not contribute to the SPAM score, which remains low and therefore the email passes through the filter::

X-SmarterMail-SpamAction: Low | NoAction
X-SmarterMail-TotalSpamWeight: 18
X-SmarterMail-SpamDetail: 1,2 BODY_URI_ONLY Message body is only a URI in one line of text or for an image
X-SmarterMail-SpamDetail: 0,0 TVD_SPACE_RATIO
X-SmarterMail-SpamDetail: 0,0 HTML_MESSAGE HTML included in message
X-SmarterMail-SpamDetail: 0,1 MIME_HTML_ONLY Message only has text/html MIME parts
X-SmarterMail-SpamDetail: 0,1 MIME_HTML_MOSTLY Multipart message mostly text/html MIME
X-SmarterMail-Spam: DMARC [failed]: 0, Reverse DNS Lookup [Passed]: 0, Null Sender: 0, HONEYPOT [passed]: 0, ISpamAssassin [raw:1,4]: 2, SPF [SoftFail]: 10, DKIM [None]: 5, _ARC: none, Surriel: 0, SpamRats: 0, SEM - Black: 0, Backscatter: 0, Spamhaus - CSS, Spamhaus - PBL, Spamhaus - SBL: 0, SpamCop: 0, UCEProtect Level 1: 0, combined.rbl.msrbl.net: 0, UCEProtect Level 2: 0, BARRACUDA: 0, MailSpike L3, MailSpike L4, MailSpike L5: 0, HostKarma: 0, CBL: 0, URIBL Black, URIBL Red, URIBL Grey: 0, SURBL: 0, SEM-URI: 0

Is it possible to make it so that there are different SPAM scores for DMRC, as for all the other controls?

If so, how?

I can't find this setting...

Gabriele Maoret - Head of SysAdmins at SERSIS

Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)

5 Replies

Reply to Thread

Patrick Jeski Replied

2/11/2025 at 7:13 AM

According to the online help:

"DMARC Quarantine/Suspicious Weight

This is similar to a spam weight: it's the weight assigned to a message if it "fails" the DMARC check. When enabled, the weight is 10 by default."

Settings-> Antispam-> Options - In the upper right corner is DMARC, and the score is below it.

Mine is set to the default 10.

But like you, I had a DMARC fail yesterday, and the header is:

X-SmarterMail-TotalSpamWeight: 5 (Trusted Sender - Domain, DMARC: Failed)

X-SmarterMail-Spam: UCEProtect Level 2: 0, Spamhaus - CBL, Spamhaus - CSS, Spamhaus - PBL, Spamhaus - PBL2, Spamhaus - SBL: 0, Barracuda - BRBL: 0, HostKarma - Blacklist, HostKarma - Brownlist, HostKarma - YellowList: 0, UCEProtect Level 3: 0, CBL - Abuse Seat: 0, UCEProtect Level 1: 0, VIRUS RBL - MSRBL: 0, DMARC [failed]: 0, Reverse DNS Lookup [Passed]: 0, SPF [Pass]: 0, DKIM [Pass]: 0, _ARC: none, HostKarma - Whitelist: 0, URIBL - Black, URIBL - Grey, URIBL - Multi, URIBL - Red: 5, SURBL - Abuse Buster, SURBL - JWSpamSpy, SURBL - Malware, SURBL - Phishing, SURBL - SpamAssasin, SURBL - SpamCop: 0

Delivery log shows "[_DMARC: 0,failed]"

SpamChecks.log shows nothing.

Gabriele Maoret - SERSIS Replied

2/11/2025 at 9:03 AM

Mmmmh...

I have it enabled too:

Maybe it's a BUG?

Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)

Gabriele Maoret - SERSIS Replied

2/11/2025 at 10:20 AM

Marked As Resolution

Oh, okay, I think I understand why. This is the HELP for DMARC scoring in SPAM filtering:

Understanding DMARC Header Entries

When viewing an email header, it's possible to see the various scores given to the spam checks that are enabled. However, some scores depend upon how certain checks are interpreted by SmarterMail. DMARC is one of those checks. Therefore, here's a breakdown of what DMARC header entries can show and what they may mean, specifically when you see DMARC [Failed] in the header.

Typically, DMARC [failed]: will indicate that the DMARC check failed, and the score applied is based on your policy. For exampe, when the domain's DMARC policy is set to None, the score will be 0.
DMARC [failed]: "Any Other Number" indicates that the DMARC check failed, and the domain's DMARC policy is set to Quarantine/Suspicious. When this is how DMARC is configured, the weight associated with the DMARC Quarantine / Suspicious Weight is applied. (Which defaults to 10, but can be changed as needed.)
If DMARC fails and the sender's policy is set to Reject, the email will be rejected in SMTP session, before it's even created as an email. Therefore, no score is assigned.

In short, if the person who configured the DMARC policy in the sender domain set it to "none", then the score will be "0" even if the DMARC test fails.

For the failed DMARC test to consider a score other than "0", then the DMARC policy of the sender domain must be set to "Quarantine" or "Suspicious".

If the domain's DMARC policy is set to "reject", then the connection that fails DMARC will be discarded a priori (at the SMTP connection level), without even going through an ANTISPAM check of the email message.

I checked, and the policy of the domain I checked was indeed set to "none", so it is correct that the score is "0" even if the DMARC test fails...

So it seems to me that everything is correct.