We are sending large numbers of emails (hundreds of thousands) mostly for our clients. Of course, we have configures SPF, DKIM, and DMARC records properly for all domains who use us. We pass all tests on various SPF and DKIM validators, and vast majority of emails is delivered without any trouble.
The problem is that almost in every delivery, there are a couple of emails where we get DMARC failure report without apparent reason.
<?xml version="1.0" encoding="UTF-8"?>
<feedback>
<version>1.0</version>
<report_metadata>
<org_name>blabla.com</org_name>
<email>info@blabla.com</email>
<extra_contact_info/>
<report_id>09b93d$7b9b58f=0f6353445e3e471f@ceps.cz</report_id>
<date_range>
<begin>1587247202</begin>
<end>1587333603</end>
</date_range>
</report_metadata>
<policy_published>
<domain>issue.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<sp>none</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>123.456.789.101</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>blabla.com</header_from>
<envelope_from>sender.com</envelope_from>
</identifiers>
<auth_results>
<dkim>
<domain>blabla.com</domain>
<selector>k1</selector>
<result>pass</result>
</dkim>
<spf>
<domain>sender.com</domain>
<scope>mfrom</scope>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
This happens just to a very few emails, let's say 1%. Most of the emails pass. Any experience with it?