I am using AWS SES (in sandbox mode) to send an email to a GMail address. Unfortunately it gets flagged as spam.
Google is nice enough to tell me in the message details that it is a DMARC failure
I read the official documentation : https://docs.aws.amazon.com/ses/latest/DeveloperGuide/send-email-authentication-dmarc.html
Here is what confuses me (quotes from that page) :
- “In order to comply with DMARC, messages must be authenticated through either SPF or DKIM, or both.”
- “By complying with one of these authentication systems, your emails will comply with DMARC”
My question is, why are both SPF and DKIM passing yet DMARC is failing?
ARC-Authentication-Results: i=1; mx.google.com;
dkim=pass header.i=@amazonses.com header.s=REDACTED header.b=REDACTED;
spf=pass (google.com: domain of REDACTED@eu-central-1.amazonses.com designates IP_REDACTED as permitted sender) smtp.mailfrom=REDACTED@eu-central-1.amazonses.com;
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=example.com
The Return-Path ends in amazonses.com
(the DNS entries for SPF and DKIM on example.com
are present).
Let me know if you need any additional information to get to the root of the issue