
I've recently set up DMARC, SPF and DKIM. I'm now checking all DMARC reports I'm receiving. I've noticed the below entry which looks like an IP which is outside my control (the other IPs mentioned I see daily and are the ISP SMTP). So this one entry seems to be off. Now I wonder what I should conclude from this. Is this an email server, which successfully auths (using SPF and DKIM, so I can be "assured" it's actually the mailserver it claims to be) sending an email out in the name of mydomain.com? Note that mydomain.com is doing business with otherdomain.com. So perhaps I'm reading this incorrectly. However I don't see any incoming email for mydomain.com from them yesterday so this must have been a mail addressed to another domain.

I don't see any reason why this company would need to send emails in the name of my domain. I know I can change the policy using DMARC to drop such emails but nonetheless it seems interesting to investigate what's going on here.

<record>
  <row>
    <source_ip>w.x.y.z</source_ip>
    <count>4</count>
    <policy_evaluated>
      <disposition>none</disposition>
      <dkim>fail</dkim>
      <spf>fail</spf>
    </policy_evaluated>
  </row>
  <identifiers>
    <header_from>mydomain.com</header_from>
  </identifiers>
  <auth_results>
    <dkim>
      <domain>otherdomain-com.20150623.gappssmtp.com</domain>
      <result>pass</result>
      <selector>20150623</selector>
    </dkim>
    <spf>
      <domain>otherdomain.com</domain>
      <result>pass</result>
    </spf>
  </auth_results>
</record>

Thanks a lot in advance.

Esa Jokinen

1 Answer

If the IP you've hidden is a Google IP and the domain you've hidden sends email to Gmail or Google Apps, this is likely normal internal forwarding traffic. Google is fairly noisy in how they report this traffic.

cmeid
  • Thanks for your response. The hidden source_ip is from otherdomain.com. Does the same apply in that case? otherdomain.com is a third party which mydomain.com is doing business with. – th3penguinwhisperer Jul 13 '17 at 10:49
  • Yeah - any time you see that gappssmtp.com you're dealing with a Google forward. The other domain most likely forwarded it into Gmail/Google Apps. – cmeid Jul 14 '17 at 06:51
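
An added example, not part of the original question or answer: a Python sketch that parses the record posted in the question and shows why `policy_evaluated` reports fail while `auth_results` reports pass. DMARC only counts a DKIM or SPF pass when the authenticated domain aligns with `header_from`. The helper names are hypothetical, and the organizational-domain check is a simplifying assumption (last two labels; real tooling uses the Public Suffix List).

```python
import xml.etree.ElementTree as ET

# Sample input: the record from the question, values as posted (compacted).
RECORD = """<record>
  <row><source_ip>w.x.y.z</source_ip><count>4</count>
    <policy_evaluated><disposition>none</disposition>
      <dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>mydomain.com</header_from></identifiers>
  <auth_results>
    <dkim><domain>otherdomain-com.20150623.gappssmtp.com</domain>
      <result>pass</result><selector>20150623</selector></dkim>
    <spf><domain>otherdomain.com</domain><result>pass</result></spf>
  </auth_results>
</record>"""

def org_domain(domain):
    # Assumption: organizational domain = last two labels.
    # Correct handling of suffixes like co.uk needs the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, header_from, strict=False):
    # Strict alignment needs an exact match; relaxed compares org domains.
    a, h = auth_domain.lower(), header_from.lower()
    return a == h if strict else org_domain(a) == org_domain(h)

def explain(record_xml):
    """Recompute the DMARC verdict per mechanism from the raw auth results."""
    rec = ET.fromstring(record_xml)
    header_from = rec.findtext("identifiers/header_from")
    out = {"header_from": header_from}
    for mech in ("dkim", "spf"):
        checks = [{"domain": n.findtext("domain"),
                   "passed": n.findtext("result") == "pass",
                   "aligned": aligned(n.findtext("domain"), header_from)}
                  for n in rec.findall(f"auth_results/{mech}")]
        # DMARC pass for a mechanism requires a result that passed AND aligned.
        ok = any(c["passed"] and c["aligned"] for c in checks)
        out[mech] = {"checks": checks,
                     "computed": "pass" if ok else "fail",
                     "reported": rec.findtext(f"row/policy_evaluated/{mech}")}
    return out

if __name__ == "__main__":
    result = explain(RECORD)
    for mech in ("dkim", "spf"):
        for c in result[mech]["checks"]:
            print(mech, c["domain"], "passed:", c["passed"], "aligned:", c["aligned"])
        print(mech, "DMARC verdict:", result[mech]["computed"])
```

For this record both mechanisms authenticate a domain other than mydomain.com, so neither pass counts toward DMARC and the recomputed verdicts match the reported `fail` values.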