drupal.org has good email authentication with minor issues. Most records are correctly configured.
| SPF (Sender Policy Framework) | pass |
| DKIM (DomainKeys Identified Mail) | pass |
| DMARC (Domain-based Message Authentication) | warn |
| MX (Mail Exchange Records) | pass |
| Blacklist Status | pass |
v=spf1 mx include:amazonses.com include:servers.mcsv.net -all
v=DMARC1; p=none; pct=100; rua=mailto:re+myecnlkddmo@dmarc.postmarkapp.com; sp=none; aspf=r;
Email authentication (SPF, DKIM, DMARC) verifies that emails claiming to be from drupal.org actually come from authorized servers. Without proper authentication, emails may be marked as spam or rejected by receiving servers like Gmail, Outlook, and Yahoo.
Since February 2024, Google and Yahoo require SPF, DKIM, and DMARC for all email senders. Domains without these records see significantly higher spam rates.
Use our step-by-step setup guides to configure the missing records at your DNS provider. After making changes, re-scan drupal.org to verify the fix.