Free email providers have steadily tightened their DMARC (Domain-based Message Authentication, Reporting, and Conformance) policies, which affects whether OpenSRS service notifications can be delivered to inboxes hosted with those providers. If you use a free mail address as your reseller technical contact, some or all OpenSRS notifications may bounce. This article explains why, which notifications are affected, and how to keep delivery reliable.
Why DMARC matters for OpenSRS notifications
OpenSRS is a white-label domain registrar. To preserve the white-label experience, notifications to your end users are sent as if they originated from the technical contact email address on your reseller account. When that technical contact is hosted at a provider that enforces a strict DMARC policy, the provider rejects any message that fails DMARC alignment — including messages sent by OpenSRS on your behalf, because the OpenSRS mail servers are not authorized in the provider's SPF or DKIM records.
For example, AOL enforces a DMARC reject policy that drops 100% of unauthenticated messages purporting to come from @aol.com. If your technical contact is an @aol.com address, OpenSRS cannot deliver notifications on your behalf, because OpenSRS is not listed in the SPF records for aol.com.
Note: This issue is not unique to OpenSRS — any service that sends mail on behalf of an address at a provider enforcing strict DMARC will see the same bounces.
Which notifications are affected
If your technical contact is hosted at a provider with a strict DMARC policy, the following notifications may not reach you or your end users:
- Registrant verification messages
- Domain renewal reminders
- Transfer authorization requests
- ICANN trade approvals
- Other transactional registry notifications
Free mail providers and DMARC adoption
DMARC adoption among free mail providers has grown steadily. Some providers have enforced reject policies for years; others have moved more recently. Google, Yahoo, and Microsoft have all announced and enforced bulk-sender requirements that include DMARC alignment. See the related OpenSRS articles on Gmail, Microsoft, and Yahoo DMARC requirements for current details:
- Gmail, Microsoft, and Yahoo DMARC requirements on the Hosted Email platform
- Gmail, Microsoft, and Yahoo DMARC requirements on the Domains platform
What you should do
OpenSRS recommends establishing your own branded domain for use with your reseller account and using a mailbox on that domain as the technical contact. This eliminates the dependency on a third-party provider's DMARC posture.
Set a branded technical contact address
- Sign in at manage.opensrs.com.
- Click Domains at the top.
- Click the Settings tab.
- In the Default Settings For New Domains section, enter the branded address as your technical contact.
Authorize OpenSRS in your SPF records
If you already operate a branded domain for your technical contact, add the OpenSRS registrar mail system to that domain's SPF record so notifications pass DMARC alignment. See Adding OpenSRS mailservers to your SPF record for the current include value.
Tip: OpenSRS offers a white-label hosted email service you can use for branded mailboxes. Confirm current pricing before quoting it to customers.
Related articles
- Gmail, Microsoft, and Yahoo DMARC requirements on the Hosted Email platform
- Gmail, Microsoft, and Yahoo DMARC requirements on the Domains platform
- Configuring records for automated outbound email delivery
- How to configure DKIM for automated outbound emails
Questions? Contact OpenSRS Support.
How helpful was this article?
Thanks for your feedback!
Do you still need help? If so please submit a request here.