DMARC report with passing O365 DKIM signature being sent by Google server

Question

The dmarc report values are as follows:

dkim_domain : mydomain.onmicrosoft.com
dkim_result : pass
selector : selector1-mydomain-onmicrosoft-com
header_from : mydomain
spf_domain : mydomain
spf_result : fail
source_ip : 209.85.219.70   (this is a Google mail server)
org_name : google.com

So, we have a message that was signed by O365, but is being sent by a Google server, and the receiving Google server is reporting it as a SPF violation. How does this happen? Is there anything to be done about it?

Thank you.

score 2 · Answer 1 · answered Jun 24 '21 at 20:54

2

This is probably a forwarded message. SPF does not survive forwarding and, therefore, any mail forwarding service should rewrite the envelope sender. That will break the DMARC alignment through SPF, but a message signed with DKIM should be enough to provide proper alignment.

answered Jun 24 '21 at 20:54

Esa Jokinen

43,252
2
75
122

Thank you. That is what I had concluded as well. – Adam Winter Jun 24 '21 at 21:13

DMARC report with passing O365 DKIM signature being sent by Google server

1 Answers1