Google Cloud Professional Collaboration Engineer — Question 74

You have just deployed DMARC to the your-company.com domain. The next day, you start receiving reports that some automated mail from one of your vendors, sending as you, is not being delivered to its recipients. You need to maintain secure email best practices.

You received the following SPF, DKIM and DMARC records:

v=spf1 a mx ip4 64.233.167.99 include:_spf.google.com –all

v=DKIM1;p=MIGfMA0GCSqGSlb3DQEBAQUAA4GNADCBiQKBgQDelhtCv3vUinyhKiKtZ8efjHGGo8gE1T+o7gLrvo6yRtdz9lCe6Fz5sgz0WYFW5nCV4DmaTcS

v=DMARC1;p=rekect;rua=mailto:[email protected]ruf=mailto:[email protected]; fo=1

You need to enable your vendor to resume sending mail on your behalf.

What should you do?

Answer options

• A. Change your DMARC record from p=reject to p=none.
• B. Change your SPF record from –all to ~all.
• C. Add the vendors mail servers to your SPF record.
• D. Instruct your vendor to set up your DKIM signature on their systems.

Correct answer: A

Explanation

The correct answer is A because changing the DMARC policy from p=reject to p=none allows email from your vendor to bypass the rejection, enabling their automated emails to be delivered. Options B and C do not directly resolve the issue with DMARC rejecting emails, and option D would not be effective without proper DMARC alignment.