I'm trying to properly set up DKIM, SPF, and DMARC so emails sent from my server are less likely to be seen as spam. I got my first DMARC report and I'm little confused by this part:
<record>
<row>
<source_ip>2a00:1450:400c:c05::236</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>example.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>gmail.com</domain>
<result>pass</result>
</dkim>
<spf>
<domain>gmail.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
For the moment, please ignore the DKIM part... I'm working on that. The confusing part is the SPF part. I set that to v=spf1 include:_spf.google.com a ~all
on my domain. Using dig
I can see that ip6:2a00:1450:4000::/36
should be included as an allowed sender on _netblocks2.google.com
which is included by _spf.google.com
.
In the rest of the report it seems that the IPv4 addresses are all passing the SPF test, but all of the IPv6 addresses are failing. Am I doing anything wrong or is this a bug on Google's side?