I've recently started configuringn and using DMARC reports and I have the following question. How can the DKIM domain not be my domain (and pass)?
I have the following report
<record>
<row>
<source_ip>185.53.XXX.XXX</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
<reason>
<type>forwarded</type>
<comment>looks forwarded, not quarantined for DMARC</comment>
</reason>
</policy_evaluated>
</row>
<identifiers>
<header_from>mydomain.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>customer.co.uk</domain>
<result>pass</result>
<selector>default</selector>
</dkim>
<spf>
<domain>gmail.com</domain>
<result>softfail</result>
</spf>
</auth_results>
</record>
We send an email to a customer, the source_ip is not from my domain but related to the customer email server. And the DKIM domain is the one of the customer (and the DKIM passes). I understand that the report is not about an my company sent but that the customer sent ( probably forwarding an email we sent).
The first question is, why is this showing at all in my report ?
Is that because, is that because it forwarding an email from me (in the From
field).
In that case, is the DKIM mine or the customer one.
Similarily, which SPF and DMARC rules are being used, those of my domain or of the customer domains ?