On Fri, 16 Nov 2018 at 15:54, Robert Fitzpatrick <rob...@webtent.org> wrote: > > Dominic Raferd wrote on 11/16/2018 8:50 AM> > > Please clarify what you mean by 'even though SPF and DKIM is setup > > with DMARC to reject'? I presume that 'company.com' does not have a > > DMARC p=reject policy, or else your DMARC program (e.g. opendmarc) > > should block forged emails from them. > > > > Oh yes, sorry, the names changed to protect the innocent. But now that I > am confirming, I don't see the _dmarc record setup by the DNS company as > requested. So, this message with would fail DMARC if setup for > company.com to reject as you noted? I'll send them the request again and > see, thanks.
In principle I recommend that everyone set up dmarc with p=reject for their domains, but it is not to be undertaken lightly because it can lead to rejection of their genuine but misconfigured emails (and cause particular problems on mailing lists). I think your request to the third party is unlikely to have any effect, and the problem you are having needs to be tackled a different way.
