DMARC and spoofed email question...
Question asked by Brian - 3/25/2026 at 8:26 PM
Answered
If spoofed email is received where the spoofed domain has "p=reject" policy, why would SmarterMail not reject the email?

In the header, I see: X-SmarterMail-Spam: DMARC [failed]: 0

DMARC is enabled under Antispam. Fallback policy set to reject. Quarantine/Suspicious weight set to 30.
Spoofed email landed in Junkmail based on other Antispam policies.

Thanks.
Derek Curtis Replied
Employee Post Marked As Answer
As I understand it, the consequences of a DMARC [Fail] are based on the sender's DMARC policy. As such, there's only so much SmarterMail can do. We can score the message if the policy is set to quarantine (e.g., "p=quarantine"), or if DKIM and/or SPF fails (which makes it suspicious), but if the sender sets their policy to "None" then they're simply monitoring, there's no enforcement action.

You could adjust SPF and DKIM fail weights to try and circumvent the DMARC none "fail". 
Derek Curtis
CCO
SmarterTools Inc.
Tony Scholz Replied
Employee Post
Hello, 

To add to what Derek mentioned above, you can find the details by doing a review of the SMTP logs on the server. You can do a search for DMARC.

DMARC Failed example
19:28:34.525 [IP][6962646] rsp: 550 Message rejected due to senders DMARC policy
19:28:34.525 [IP][6962646] A trace of the DMARC processing follows.
19:28:34.525 [IP][6962646] Beginning DMARC check for SRS0=DGM6=AW=DEV.WINDOWS.SMARTERMAIL.IO=LOGAN@DEV.WINDOWS.SMARTERMAIL.IO from IP 10.1.11.1...
19:28:34.525 [IP][6962646] The from field for the message is ""logan@dev.windows.smartermail.io" <logan@dev.windows.smartermail.io>".  Will look for DMARC policy record at _dmarc.dev.windows.smartermail.io
19:28:34.525 [IP][6962646] Retrieved the following DMARC policy record for "dev.windows.smartermail.io": v=DMARC1;  p=reject; rua=mailto:8d1467e7a79b489bb33c7f563f992938@dmarc-reports.cloudflare.net
19:28:34.525 [IP][6962646] Loading DMARC record: v=DMARC1;  p=reject; rua=mailto:8d1467e7a79b489bb33c7f563f992938@dmarc-reports.cloudflare.net
19:28:34.525 [IP][6962646] Signature to verify:
19:28:34.525 [IP][6962646] DMARC: SPF result SoftFail. SenderIp: 10.1.11.1, SMTPSenderAddress: SRS0=DGM6=AW=DEV.WINDOWS.SMARTERMAIL.IO=LOGAN@DEV.WINDOWS.SMARTERMAIL.IO, SenderEhlo: dev.windows.smartermail.io, AuthMethodResult: spf=softfail reason="[no matches for 10.1.11.1]; all result of SoftFail observed"
19:28:34.525 [IP][6962646] DMARC: DKIM Override Good for domain dev.windows.smartermail.io
19:28:34.525 [IP][6962646] DMARC: No DKIM signatures found or all DKIM signatures failed.
19:28:34.525 [IP][6962646] DMARC: SPF failure.
19:28:34.525 [IP][6962646] DMARC DKIM domains; dev.windows.smartermail.io SPF domain: DEV.WINDOWS.SMARTERMAIL.IO, DMARC domain: dev.windows.smartermail.io. DKIM succeeded: False, SPF succeeded: False.

DMARC Passed

22:33:22.565 [IP][1149619] DMARC Results: Passed (Domain: dev.linux.smartermail.io, Reason: SPF: False, DKIM: True, Alignments: 1, Domain: dev.linux.smartermail.io), Reason: SPF: False, DKIM: True, Alignments: 1, Domain: dev.linux.smartermail.io, Reject? False


Tony Scholz
Lead Network/System Administrator
SmarterTools Inc.
Brian Replied
Here are two examples. I don't see the "Loading DMARC record."

DMARC Policy for Intuit.com
v=DMARC1; p=reject; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;fo=1
Example 1
[2026.03.25] 02:01:10.635 [141.255.161.169][54482067] Connection initiated
[2026.03.25] 02:01:10.641 [141.255.161.169][54482067] rsp: 220 mail.mydomain.com  Service ready
[2026.03.25] 02:01:10.642 [141.255.161.169][54482067] connected at 3/25/2026 2:01:10 AM
[2026.03.25] 02:01:10.642 [141.255.161.169][54482067] Country code: CH
[2026.03.25] 02:01:10.769 [141.255.161.169][54482067] cmd: EHLO vasilabi.info
[2026.03.25] 02:01:10.769 [141.255.161.169][54482067] rsp: 250-mail.mydomain.com Hello [141.255.161.169]250-SIZE 136533333250-AUTH PLAIN LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2026.03.25] 02:01:10.897 [141.255.161.169][54482067] cmd: STARTTLS
[2026.03.25] 02:01:10.897 [141.255.161.169][54482067] rsp: 220 Start TLS negotiation
[2026.03.25] 02:01:11.276 [141.255.161.169][54482067] cmd: EHLO vasilabi.info
[2026.03.25] 02:01:11.276 [141.255.161.169][54482067] rsp: 250-mail.mydomain.com Hello [141.255.161.169]250-SIZE 136533333250-AUTH PLAIN LOGIN CRAM-MD5250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2026.03.25] 02:01:11.400 [141.255.161.169][54482067] cmd: MAIL FROM:<no-reply@quickbooks.intuit.com> SIZE=9394
[2026.03.25] 02:01:11.400 [141.255.161.169][54482067] senderEmail(1): no-reply@quickbooks.intuit.com
[2026.03.25] 02:01:11.928 [141.255.161.169][54482067] rsp: 250 OK <no-reply@quickbooks.intuit.com> Sender ok
[2026.03.25] 02:01:11.928 [141.255.161.169][54482067] Sender accepted. Weight: 6. Block threshold: 30. Failed checks: Reverse Dns Lookup (5,ForwardMismatch), _SPF (1,None)
[2026.03.25] 02:01:12.051 [141.255.161.169][54482067] cmd: RCPT TO:<1info@mydomain.com> ORCPT=rfc822;myuser@mydomain.com
[2026.03.25] 02:01:12.052 [141.255.161.169][54482067] rsp: 250 OK <myuser@mydomain.com> Recipient ok
[2026.03.25] 02:01:12.176 [141.255.161.169][54482067] cmd: DATA
[2026.03.25] 02:01:12.176 [141.255.161.169][54482067] Performing PTR host name lookup for 141.255.161.169
[2026.03.25] 02:01:12.176 [141.255.161.169][54482067] PTR host name for 141.255.161.169 resolved as hostedby.privatelayer.com
[2026.03.25] 02:01:12.178 [141.255.161.169][54482067] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2026.03.25] 02:01:12.303 [141.255.161.169][54482067] senderEmail(2): no-reply@quickbooks.intuit.com parsed using FROM: QuickBooks <no-reply@quickbooks.intuit.com>
[2026.03.25] 02:01:12.304 [141.255.161.169][54482067] Sender accepted. Weight: 6. Block threshold: 30. Failed checks: Reverse Dns Lookup (5,ForwardMismatch), _SPF (1,None)
[2026.03.25] 02:01:12.670 [141.255.161.169][54482067] DMARC Results: Failed (Domain: intuit.com, Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com), Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com, Reject? False
[2026.03.25] 02:01:12.670 [141.255.161.169][54482067] rsp: 250 OK
[2026.03.25] 02:01:12.677 [141.255.161.169][54482067] Received message size: 9363 bytes
[2026.03.25] 02:01:12.680 [141.255.161.169][54482067] Successfully wrote to the HDR file. (c:/SmarterMail/Spool/SubSpool5/53406625.hdr)
[2026.03.25] 02:01:12.680 [141.255.161.169][54482067] Data transfer succeeded, writing mail to 53406625.eml (MessageID: <20260323114908.3C4C6C9842202BE6@quickbooks.intuit.com>)
[2026.03.25] 02:01:12.803 [141.255.161.169][54482067] cmd: QUIT
[2026.03.25] 02:01:12.803 [141.255.161.169][54482067] rsp: 221 OK
[2026.03.25] 02:01:12.803 [141.255.161.169][54482067] disconnected at 3/25/2026 2:01:12 AM
Example 2
[2026.03.25] 10:52:21.053 [141.255.161.168][54029936] Connection initiated
[2026.03.25] 10:52:21.059 [141.255.161.168][54029936] rsp: 220 mail.mydomain.com  Service ready
[2026.03.25] 10:52:21.059 [141.255.161.168][54029936] connected at 3/25/2026 10:52:21 AM
[2026.03.25] 10:52:21.059 [141.255.161.168][54029936] Country code: CH
[2026.03.25] 10:52:21.186 [141.255.161.168][54029936] cmd: EHLO razutazu.info
[2026.03.25] 10:52:21.186 [141.255.161.168][54029936] rsp: 250-mail.mydomain.com Hello [141.255.161.168]250-SIZE 136533333250-AUTH PLAIN LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2026.03.25] 10:52:21.310 [141.255.161.168][54029936] cmd: STARTTLS
[2026.03.25] 10:52:21.310 [141.255.161.168][54029936] rsp: 220 Start TLS negotiation
[2026.03.25] 10:52:21.698 [141.255.161.168][54029936] cmd: EHLO razutazu.info
[2026.03.25] 10:52:21.698 [141.255.161.168][54029936] rsp: 250-mail.mydomain.com Hello [141.255.161.168]250-SIZE 136533333250-AUTH PLAIN LOGIN CRAM-MD5250-8BITMIME250-SMTPUTF8250-DSN250 OK
[2026.03.25] 10:52:21.821 [141.255.161.168][54029936] cmd: MAIL FROM:<do_not_reply@quickbooks.intuit.com> SIZE=10218
[2026.03.25] 10:52:21.821 [141.255.161.168][54029936] senderEmail(1): do_not_reply@quickbooks.intuit.com
[2026.03.25] 10:52:22.039 [141.255.161.168][54029936] rsp: 250 OK <do_not_reply@quickbooks.intuit.com> Sender ok
[2026.03.25] 10:52:22.039 [141.255.161.168][54029936] Sender accepted. Weight: 6. Block threshold: 30. Failed checks: Reverse Dns Lookup (5,ForwardMismatch), _SPF (1,None)
[2026.03.25] 10:52:22.163 [141.255.161.168][54029936] cmd: RCPT TO:<myuser@mydomain.com> ORCPT=rfc822;myuser@mydomain.com
[2026.03.25] 10:52:22.164 [141.255.161.168][54029936] rsp: 250 OK <myuser@mydomain.com> Recipient ok
[2026.03.25] 10:52:22.287 [141.255.161.168][54029936] cmd: DATA
[2026.03.25] 10:52:22.287 [141.255.161.168][54029936] Performing PTR host name lookup for 141.255.161.168
[2026.03.25] 10:52:22.288 [141.255.161.168][54029936] PTR host name for 141.255.161.168 resolved as hostedby.privatelayer.com
[2026.03.25] 10:52:22.289 [141.255.161.168][54029936] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2026.03.25] 10:52:22.414 [141.255.161.168][54029936] senderEmail(2): do_not_reply@quickbooks.intuit.com parsed using FROM: QuickBooks <do_not_reply@quickbooks.intuit.com>
[2026.03.25] 10:52:22.415 [141.255.161.168][54029936] Sender accepted. Weight: 6. Block threshold: 30. Failed checks: Reverse Dns Lookup (5,ForwardMismatch), _SPF (1,None)
[2026.03.25] 10:52:22.794 [141.255.161.168][54029936] DMARC Results: Failed (Domain: intuit.com, Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com), Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com, Reject? False
[2026.03.25] 10:52:22.794 [141.255.161.168][54029936] rsp: 250 OK
[2026.03.25] 10:52:22.796 [141.255.161.168][54029936] Received message size: 10187 bytes
[2026.03.25] 10:52:22.799 [141.255.161.168][54029936] Successfully wrote to the HDR file. (c:/SmarterMail/Spool/SubSpool5/53406355.hdr)
[2026.03.25] 10:52:22.799 [141.255.161.168][54029936] Data transfer succeeded, writing mail to 53406355.eml (MessageID: <20260317103452.E7C7CA485F97A805@quickbooks.intuit.com>)
[2026.03.25] 10:52:22.919 [141.255.161.168][54029936] cmd: QUIT
[2026.03.25] 10:52:22.919 [141.255.161.168][54029936] rsp: 221 OK
[2026.03.25] 10:52:22.919 [141.255.161.168][54029936] disconnected at 3/25/2026 10:52:22 AM

Tony Scholz Replied
Employee Post
Hello Brian, 

I am seeing the same locally for that domain. 

_dmarc.intuit.com.	30	IN	TXT	"v=DMARC1; p=reject; rua=mailto:dmarc_rua@emaildefense.proofpoint.com; ruf=mailto:dmarc_ruf@emaildefense.proofpoint.com;fo=1"
What we can do is to have you enable a Debug ID to track DNS calls to see what is being pulled up. For this domain, a reject should have been processed since both SPF and DKIM failed. 

DMARC Results: Failed (Domain: intuit.com, Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com), Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com, Reject? False
Thank you
Tony Scholz
Lead Network/System Administrator
SmarterTools Inc.
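The SMTP log review discussed in this thread can be scripted. The following is an added example, not SmarterTools code and not part of any post: it pairs each `DMARC Results` line with its session's MAIL FROM and flags messages that were accepted after a failed check for a domain whose published policy is reject. The `published` map is a hypothetical operator-supplied input (filled in from your own `_dmarc` TXT lookup), and the line format is assumed from the log lines quoted above.

```python
import re

# Optional "[date] " prefix, then time, [ip], [session id], message text.
LINE = re.compile(r"^(?:\[[\d.]+\] )?[\d:.]+ \[(?P<ip>[^\]]+)\]\[(?P<sid>\d+)\] (?P<msg>.*)$")
DMARC = re.compile(r"^DMARC Results: (?P<result>\w+) \(Domain: (?P<domain>[^,]+), "
                   r"Reason: SPF: (?P<spf>\w+), DKIM: (?P<dkim>\w+), "
                   r"Alignments: \d+.*Reject\? (?P<reject>\w+)$")
MAIL_FROM = re.compile(r"^cmd: MAIL FROM:<([^>]*)>")

# Sample input assembled for this example from log lines quoted in the thread.
SAMPLE_LOG = """\
[2026.03.25] 02:01:11.400 [141.255.161.169][54482067] cmd: MAIL FROM:<no-reply@quickbooks.intuit.com> SIZE=9394
[2026.03.25] 02:01:12.670 [141.255.161.169][54482067] DMARC Results: Failed (Domain: intuit.com, Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com), Reason: SPF: False, DKIM: False, Alignments: 0, Domain: intuit.com, Reject? False
[2026.03.25] 02:01:12.670 [141.255.161.169][54482067] rsp: 250 OK
22:33:22.565 [IP][1149619] DMARC Results: Passed (Domain: dev.linux.smartermail.io, Reason: SPF: False, DKIM: True, Alignments: 1, Domain: dev.linux.smartermail.io), Reason: SPF: False, DKIM: True, Alignments: 1, Domain: dev.linux.smartermail.io, Reject? False
"""

def dmarc_findings(log_text, published=None):
    """Return one record per 'DMARC Results' line, tied to its SMTP session.

    published: hypothetical map of domain -> policy ("reject", "quarantine",
    "none") supplied by the operator; this function performs no DNS lookups.
    """
    published = published or {}
    senders, findings, pending = {}, [], {}
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        sid, msg = m["sid"], m["msg"]
        if (mf := MAIL_FROM.match(msg)):
            senders[sid] = mf.group(1)
        elif (d := DMARC.match(msg)):
            rec = {"session": sid, "ip": m["ip"], "mail_from": senders.get(sid),
                   "domain": d["domain"], "result": d["result"],
                   "spf": d["spf"] == "True", "dkim": d["dkim"] == "True",
                   "reject": d["reject"] == "True", "accepted": False,
                   "policy": published.get(d["domain"])}
            findings.append(rec)
            pending[sid] = rec
        elif msg.startswith("rsp: 250 OK") and sid in pending:
            # First 250 after the DMARC line is the end-of-DATA acceptance.
            pending.pop(sid)["accepted"] = True
    for rec in findings:
        # Mismatch: sender publishes reject, check failed, mail still accepted.
        rec["mismatch"] = (rec["result"] == "Failed" and rec["policy"] == "reject"
                           and not rec["reject"] and rec["accepted"])
    return findings
```

Calling `dmarc_findings(log_text, {"intuit.com": "reject"})` on a day's SMTP log returns the sessions to hand to support along with the Debug ID output.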
Brian Replied
OK. Let me know.
