We have a problem with _dmarc record for our alias domain. We use AWS’s DNS-Route 53 and Google Apps. When sending an email from the primary domain, _dmarc passes validation. But when sending from the alias domain, it fails.
This is the header of an email sent from the primary domain:
From: Caroline<caroline@primarydomain.com.br>
To: caroline@anotherdomain.com
SPF: PASS with IP 209.85.220.41
DKIM: 'PASS' with domain primarydomain-com-br.20150623.gappssmtp.com
DMARC: 'PASS'
And this is the header when using the alias domain:
From: Caroline<caroline@aliasdomain.com>
To: caroline@anotherdomain.com
SPF: PASS with IP 209.85.220.41
DKIM: 'PASS' with domain aliasdomain-com.20150623.gappssmtp.com
DMARC: 'FAIL'
We have already tried several different options for the dmarc record in the alias domain. We are not applying policies, p=none, and we have already checked the record using some online tools. They all report the record as valid. We have even tried redirecting the SPF record ("v=spf1 redirect=primarydomain.com.br").
We have other two domains that uses GoDaddy's DNS, one is the primary, the other is an alias, and email is also hosted in Google Apps. For these two domains dmarc always passes.
This is the header from the primary domain:
From: Caroline<caroline@primarydomain.com>
To: caroline@anotherdomain.com
SPF: PASS with IP 209.85.220.41
DKIM: 'PASS' with domain primarydomain.com
DMARC: 'PASS'
And this is the header from the alias domain:
From: Caroline<caroline@aliasdomain.com>
To: caroline@anotherdomain.com
SPF: PASS with IP 209.85.220.41
DKIM: 'PASS' with domain aliasdomain.com
DMARC: 'PASS'
In both comparisons, the Return-Path is set to the primary domain:
Return-Path: <caroline@primarydomain.com>
Return-Path: <caroline@primarydomain.com.br>
The only difference we could spot between the two comparisons is the DKIM record:
DKIM: 'PASS' with domain primarydomain-com-br.20150623.gappssmtp.com
DKIM: 'PASS' with domain aliasdomain-com.20150623.gappssmtp.com
DKIM: 'PASS' with domain primarydomain.com
DKIM: 'PASS' with domain aliasdomain.com
We are wondering if the ".20150623.gappssmtp.com" appended to the domain for the DKIM record (AWS) could be the problem, because it seems to be the only difference between AWS's and GoDaddy's DNS configuration.
How can we configure the DNS records in AWS to fix this issue?
We suspect the issue with the dmarc record is the reason why ALL of the emails we send to @hotmail.com and @outlook.com end up in junk folder.
Help is very much appreciated.
Thanks in advance, Caroline