3

I have a DMARC file containing some records. I am a bit surprised by the result and I would like to make sure I am reading it correctly.

Here is the record:

```xml
<record>
   <row>
      <source_ip>1.2.3.4</source_ip>
      <count>1</count>
      <policy_evaluated>
         <disposition>none</disposition>
         <dkim>fail</dkim>
         <spf>fail</spf>
      </policy_evaluated>
   </row>
   <identifiers>
      <header_from>mydomain.com</header_from>
   </identifiers>
   <auth_results>
      <spf>
         <domain>anotherdomain.com</domain>
         <result>pass</result>
      </spf>
   </auth_results>
</record>
```

If I am correct, this means that:

This `<source_ip>1.2.3.4</source_ip>`: the mail was sent from 1.2.3.4.

This `<count>1</count>`: one mail was sent.

This `<disposition>none</disposition>`: no policy was applied to that mail.

This `<dkim>fail</dkim>` `<spf>fail</spf>`: SPF and DKIM for that mail failed.

This `<header_from>mydomain.com</header_from>` is the source in the mail header.

The other `<domain>anotherdomain.com</domain>`: the mail was sent to anotherdomain.com.

`<result>pass</result>`: the email passed the DMARC check.

Can you please correct me line by line?

dmx

1 Answer

2

What is in `auth_results` are the DKIM and SPF results, uninterpreted with respect to DMARC.

What is in `policy_evaluated` are the results of applying DMARC. `disposition` is the policy action specified in the DMARC record. `dkim` and `spf` are the DMARC-aligned authentication results.

Hope it helps.

Aria
  • Thanks for your answer. Why is the result `pass` when DKIM and SPF both failed? – dmx Sep 14 '17 at 06:49
  • 1
    I suspect that DMARC returns `pass` because the disposition is `none`. That means that your DMARC policy allows all messages, even if they fail SPF/DKIM. – Nick Urban May 02 '19 at 20:26
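The distinction the answer draws between `auth_results` (raw checks) and `policy_evaluated` (DMARC-aligned results) can be reproduced from the record itself. This is an added example, not code from any of the posts above; the function names are hypothetical, the sample is the question's record with the `source_ip` tag well-formed, and relaxed alignment is simplified to "equal or subdomain" instead of a Public Suffix List lookup.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the record from the question, with a well-formed source_ip tag.
SAMPLE = """<record>
  <row>
    <source_ip>1.2.3.4</source_ip>
    <count>1</count>
    <policy_evaluated>
      <disposition>none</disposition>
      <dkim>fail</dkim>
      <spf>fail</spf>
    </policy_evaluated>
  </row>
  <identifiers><header_from>mydomain.com</header_from></identifiers>
  <auth_results>
    <spf><domain>anotherdomain.com</domain><result>pass</result></spf>
  </auth_results>
</record>"""

def aligned(auth_domain, header_from):
    # Assumption: simplified relaxed alignment (equal, or one a subdomain of the other).
    a, h = auth_domain.lower().rstrip("."), header_from.lower().rstrip(".")
    return a == h or a.endswith("." + h) or h.endswith("." + a)

def explain_record(xml_text):
    rec = ET.fromstring(xml_text)
    header_from = rec.findtext("identifiers/header_from")
    out = {
        "source_ip": rec.findtext("row/source_ip"),
        "count": int(rec.findtext("row/count")),
        "header_from": header_from,
        "disposition": rec.findtext("row/policy_evaluated/disposition"),
        "reported": {m: rec.findtext(f"row/policy_evaluated/{m}") for m in ("dkim", "spf")},
        "recomputed": {"dkim": "fail", "spf": "fail"},
        "raw": [],
    }
    for mech in ("dkim", "spf"):
        for node in rec.findall(f"auth_results/{mech}"):
            domain, result = node.findtext("domain"), node.findtext("result")
            is_aligned = aligned(domain, header_from)
            out["raw"].append((mech, domain, result, is_aligned))
            if result == "pass" and is_aligned:  # a raw pass only counts when aligned
                out["recomputed"][mech] = "pass"
    out["dmarc_pass"] = "pass" in out["recomputed"].values()
    return out

if __name__ == "__main__":
    for key, value in explain_record(SAMPLE).items():
        print(f"{key}: {value}")
```

Aggregate reports arrive from external senders, so real ones are better parsed with a hardened XML parser such as `defusedxml`.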