
Why does Google Postmaster Tools show DMARC success after record deletion, and how reliable is its data?

Summary

Google Postmaster Tools (GPT) reports DMARC success after record deletion due to a combination of factors: DMARC being an opt-in system, GPT simplifying data for Google's internal use (rather than precise sender reporting), DNS caching (both by Google and other mailbox providers, often exceeding TTL), and ongoing DMARC authentication via SPF and DKIM. Documentation emphasizes that DNS changes take time to propagate fully, a point echoed by marketers, who suggest confirming DMARC setup with external tools and being patient. Because of the potential for inaccuracies, relying solely on GPT for DMARC monitoring is insufficient; verifying with other tools and using DMARC reports is highly recommended. Accurate configuration of SPF and DKIM is paramount, and a lack of understanding of how DMARC interacts with SPF and DKIM leads to implementation issues.

Key findings

  • DMARC Opt-In: DMARC only 'fails' if it's been actively implemented (opted-in) via a DNS record.
  • GPT Data Simplification: GPT simplifies data and should not be used as the single source of truth.
  • DNS Caching Delays: DNS caching can delay recognition of DMARC changes.
  • Authentication Bypass: Emails can still pass DMARC checks based on SPF/DKIM alone.
  • DNS Propagation Variance: DNS propagation delays depend on TTL.
  • Monitor SPF/DKIM: It is important to monitor your SPF and DKIM setup.

Key considerations

  • Multiple Data Sources: Use multiple data sources instead of solely relying on GPT.
  • DNS Propagation Allowance: Account for DNS propagation delays.
  • Implement and Check SPF/DKIM: Properly implement SPF/DKIM for DMARC compliance.
  • Use DMARC Reports: Set up and implement DMARC reporting.
  • Understand DMARC Settings: Understand how DMARC's settings interact with SPF/DKIM to avoid implementation issues.

What email marketers say

10 marketer opinions

Google Postmaster Tools (GPT) may show DMARC success even after a DMARC record deletion due to DNS caching, internal processing delays, and the fact that GPT only reflects data from Gmail users and may not provide a complete or real-time view. DMARC 'success' might also indicate that emails are still passing DMARC authentication through SPF and DKIM, irrespective of the DMARC record's presence. Relying solely on GPT for DMARC monitoring is not recommended; cross-referencing with other monitoring tools, verifying DMARC setup independently, and allowing sufficient time for DNS propagation are essential.

Key opinions

  • DNS Caching: Mailbox providers and Google may cache DNS records beyond TTL, delaying the reflection of DMARC record deletions in GPT.
  • Authentication Passing: Emails might still pass DMARC authentication (via SPF and DKIM) even without a DMARC record, leading to a 'success' indication in GPT.
  • GPT Data Limitations: Google Postmaster Tools provides an incomplete view of DMARC status and should not be the sole source of monitoring.
  • Reporting delays: Due to caching, internal processing delays or the time for DNS settings to propagate, Google Postmaster Tools may provide information that is not accurate.

Key considerations

  • Cross-Verification: Verify DMARC setup and reporting using multiple monitoring tools and ESP data, rather than relying solely on GPT.
  • DNS Propagation Time: Allow sufficient time (up to 48 hours or more) for DNS changes to propagate globally after making any DMARC record modifications.
  • SPF and DKIM Alignment: Ensure proper SPF and DKIM alignment, as emails may pass DMARC authentication even without a DMARC record if these are correctly configured.
  • Implement DMARC reports: Implement DMARC reports to understand more about your DMARC results.
  • DMARC Setup: Ensure DMARC is set up correctly. DMARC is a system designed to protect email senders and recipients from spam, spoofing, and phishing attacks by allowing senders to indicate that their emails are protected by SPF and DKIM.

Marketer view

Marketer from Email Geeks asks if it's possible that "100% success" was simply the mail passing DMARC authentication, regardless of having the DMARC record in place.

24 Feb 2022 - Email Geeks

Marketer view

Marketer from Email Geeks explains mailbox providers definitely cache DNS records beyond your TTLs and that this happens in a lot of places if you have short TTLs.

17 Apr 2023 - Email Geeks

What the experts say

6 expert opinions

Google Postmaster Tools (GPT) might report DMARC success after record deletion because DMARC is an opt-in system that only fails when a record exists. GPT simplifies data for Google's internal use, potentially caching old DNS records. Monitoring SPF/DKIM alignment and utilizing DMARC reports is crucial as a DMARC pass doesn't guarantee inbox placement. Non-compliance indications may require verification via aboutmy.email, and DMARC issues often arise from misunderstanding its interaction with SPF/DKIM, highlighting the complexities of DNS configuration.

Key opinions

  • DMARC Opt-in: DMARC only fails if explicitly enabled through a DNS record.
  • GPT Simplification: GPT simplifies data, not necessarily designed for sender-specific utility.
  • DNS Caching: Google may cache DNS records, leading to delayed reflection of DMARC record changes.
  • SPF/DKIM Importance: Proper SPF/DKIM alignment is critical for DMARC functionality, regardless of a DMARC record.

Key considerations

  • SPF/DKIM Monitoring: Monitor SPF/DKIM alignment for DMARC effectiveness.
  • DMARC Reports: Utilize DMARC reports for comprehensive email authentication insights.
  • aboutmy.email Verification: Use aboutmy.email to diagnose DMARC non-compliance issues.
  • DNS Complexity: Careful DNS configuration is essential to avoid reporting discrepancies with DMARC.

Expert view

Expert from Email Geeks suggests that if Google is showing non-compliance, you send mail to aboutmy.email; that will tell you if it's implemented correctly and if it's working, and if not, will give you hints as to what's not right.

9 Oct 2021 - Email Geeks

Expert view

Expert from Email Geeks explains that DMARC is an opt-in system. It can only fail if you’ve opted-in to using it, and you do that by publishing a DMARC record.

29 Jul 2024 - Email Geeks

What the documentation says

5 technical articles

Google Postmaster Tools (GPT) shows DMARC success after record deletion due to DNS caching and internal processing delays. DMARC.org and RFC 7489 documentation confirm that DMARC relies on DNS, and record changes aren't immediately recognized due to caching. Microsoft and Cloudflare further explain that DNS propagation takes time, depending on TTL values, and isn't instantaneous.

Key findings

  • DNS Caching: DNS caching delays recognition of DMARC record changes.
  • Gmail-Centric Data: GPT data primarily reflects Gmail users, not the entire internet.
  • Propagation Delays: DNS record updates require time to propagate across the internet.
  • TTL Impact: Time-To-Live (TTL) values influence DNS propagation speed.

Key considerations

  • Patience: Allow ample time for DNS propagation after DMARC record changes.
  • Multiple Data Sources: Do not rely solely on GPT; use other tools for a complete picture.
  • Understand DNS: Familiarize yourself with DNS caching and propagation mechanisms.
  • Consider TTL: Understand how TTL values impact DNS record update speed.

Technical article

Documentation from Microsoft explains that DNS propagation can take time. Microsoft says that it may take a while for changes to DNS settings to fully propagate across the internet. The exact time depends on the Time-To-Live (TTL) value set for DNS records.

11 Apr 2025 - Microsoft

Technical article

Documentation from RFC Editor (RFC 7489) describes that DMARC relies on the DNS infrastructure and the proper propagation of DNS records. It acknowledges that caching and other DNS-related factors can introduce delays in the reflection of policy changes.

25 May 2023 - RFC Editor
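
The opt-in and DNS-caching behaviour described above can be modelled directly. The following Python example is added here and is not code from Google, Suped, or any source cited on this page; the resolver class, the `min_hold` cache floor, the simplified alignment check and the example.com records are all constructed assumptions.

```python
# Constructed model (not Google's code): caching resolver + simplified DMARC check.
class CachingResolver:
    def __init__(self, zone, min_hold=0):
        self.zone = zone          # authoritative data: name -> (txt, ttl_seconds)
        self.min_hold = min_hold  # assumption: cache floor that may exceed the TTL
        self.cache = {}           # name -> (txt, expires_at)

    def txt(self, name, now):
        hit = self.cache.get(name)
        if hit and now < hit[1]:
            return hit[0]         # cached answer, even if deleted upstream
        self.cache.pop(name, None)
        record = self.zone.get(name)
        if record is None:
            return None
        txt, ttl = record
        self.cache[name] = (txt, now + max(ttl, self.min_hold))
        return txt

def parse_dmarc(txt):
    tags = dict(part.strip().split("=", 1) for part in txt.split(";") if "=" in part)
    return tags if tags.get("v") == "DMARC1" else None

def aligned(auth_domain, from_domain):
    # Relaxed alignment reduced to exact-or-subdomain match (no public suffix list).
    return auth_domain == from_domain or auth_domain.endswith("." + from_domain)

def evaluate(resolver, from_domain, passed_domains, now):
    """passed_domains: domains that already passed SPF or DKIM for this message."""
    txt = resolver.txt("_dmarc." + from_domain, now)
    if not txt or parse_dmarc(txt) is None:
        return "none"             # no policy published: nothing to pass or fail
    return "pass" if any(aligned(d, from_domain) for d in passed_domains) else "fail"

def timeline(min_hold=0):
    # Constructed scenario: a record with TTL 3600 s is deleted right after t=0.
    zone = {"_dmarc.example.com": ("v=DMARC1; p=reject", 3600)}
    r = CachingResolver(zone, min_hold)
    results = [evaluate(r, "example.com", ["mail.example.com"], 0)]
    del zone["_dmarc.example.com"]          # deletion at the authoritative server
    for t in (1800, 3600, 86400):
        results.append(evaluate(r, "example.com", ["mail.example.com"], t))
    return results

if __name__ == "__main__":
    print(timeline())             # resolver honours the TTL
    print(timeline(86400 * 2))    # resolver holds the record for two days
```

Once the cached copy expires, the result becomes `none` rather than `fail`, including for a message whose SPF and DKIM domains were never aligned.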
