I want to understand my DMARC record. I've done some reading online but I don't understand why in the <policy_evaluated> tag , spf fails but after when they are detailed it actually passes.
<record>
    <row>
      <source_ip>2607:f8b0:400c:c05::230</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>                           <-- here
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>xxxxx</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>xxxxx</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>xxxxx</domain> 
        <result>pass</result>                     <-- here
      </spf>
    </auth_results>
  </record>
Also on a different record I have a soft fail :
<auth_results>
      <dkim>
        <domain>xxxxx</domain>
        <result>pass</result>
        <selector>default</selector>
      </dkim>
      <spf>
        <domain>xxxxx</domain>
        <result>softfail</result>                 <-- here
      </spf>
    </auth_results>
Reading left-to-right in plain English, this record says: v=DMARC1 specifies the DMARC version. p=none specifies the preferred treatment, or DMARC policy. rua=mailto:[email protected] is the mailbox to which aggregate reports should be sent.
DMARC (Domain-based Message Authentication Reporting and Conformance) is an email validation system designed to protect your company's email domain from being used for email spoofing, phishing scams and other cybercrimes.
DMARC explained in plain English If we expand the acronym, the term DMARC stands for Domain-based Message Authentication, Reporting, and Conformance. It's an email security policy that allows email senders to specify policies for how their email should be handled if it's received by a receiving server.
The DMARC record is in the form of a line of plain text. The text is a list of DMARC tags and values, separated by semicolons. Some tags are required and some are optional. A DMARC policy tells receiving servers what action to take on unauthenticated messages they get from your domain.
The probable cause of the discrepancy between <policy_evaluated><spf> & <auth_results><spf><result> is that your envelope "mail from" & your header "from" are not on the same domain. <policy_evaluated><spf> is the SPF alignment test, which verifies that both the "From" field in the message header & the RFC 5321 "MAIL FROM" are from the same domain, whereas <auth_results><spf><result> only tests whether or not the sending MTA is an authorised sender for the domain in the domain in the RFC 5321 "MAIL FROM".
There's a good answer here: DMARC -spf and DKIM record queries
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With