
I've recently set up DMARC and am receiving reports from Google such as the one below (as you can see, Amazon SES sends our emails). I'm struggling to understand why, in the <auth_results> section, it shows both dkim and spf as pass, but then says spf fail in the <policy_evaluated> section. Can anyone explain?

I don't understand why spf is showing as fail in one section of the XML and pass in another.

Any help would be hugely appreciated.

  <record>
    <row>
      <source_ip>54.240.3.23</source_ip>
      <count>1</count>
      <policy_evaluated>
        <disposition>none</disposition>
        <dkim>pass</dkim>
        <spf>fail</spf>
      </policy_evaluated>
    </row>
    <identifiers>
      <header_from>XXXXX.co.uk</header_from>
    </identifiers>
    <auth_results>
      <dkim>
        <domain>XXXXX.co.uk</domain>
        <result>pass</result>
        <selector>fkxaji2gbqrtxkga2dcntqbjoj3mrfqx</selector>
      </dkim>
      <dkim>
        <domain>amazonses.com</domain>
        <result>pass</result>
        <selector>shh3fegwg5fppqsuzphvschd53n6ihuv</selector>
      </dkim>
      <spf>
        <domain>eu-west-1.amazonses.com</domain>
        <result>pass</result>
      </spf>
    </auth_results>
  </record>
bynack
  • Does this answer your question? [Understand DMARC Email Record](https://stackoverflow.com/questions/41919848/understand-dmarc-email-record) – Dai Jun 25 '23 at 10:31
  • Many thanks, have now added custom subdomain from address in Amazon SES, will see how this affects these few reports. – bynack Jun 26 '23 at 15:04
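
An added example, not part of the original question or its comments: a sketch that recomputes the `<policy_evaluated>` verdicts from `<auth_results>` for a record shaped like the one above, where a mechanism counts only if it passed and its domain aligns with `<header_from>`. It assumes `example.co.uk` in place of the redacted domain and a constructed three-entry suffix list instead of the real Public Suffix List; the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed mini suffix list for this sample only (assumption); real
# evaluators use the full Public Suffix List to find the organizational domain.
PUBLIC_SUFFIXES = {"com", "uk", "co.uk"}

# Constructed sample record; example.co.uk stands in for the redacted domain.
SAMPLE_RECORD = """<record>
  <row>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated>
  </row>
  <identifiers><header_from>example.co.uk</header_from></identifiers>
  <auth_results>
    <dkim><domain>example.co.uk</domain><result>pass</result></dkim>
    <dkim><domain>amazonses.com</domain><result>pass</result></dkim>
    <spf><domain>eu-west-1.amazonses.com</domain><result>pass</result></spf>
  </auth_results>
</record>"""

def org_domain(domain):
    """Longest matching public suffix plus one label to its left."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(auth_domain, header_from, strict=False):
    # Simplification: a real policy sets strictness per mechanism (adkim, aspf).
    if strict:
        return auth_domain.lower() == header_from.lower()
    return org_domain(auth_domain) == org_domain(header_from)

def evaluate(record_xml, strict=False):
    """Return (recomputed, reported) verdicts; pass needs result=pass AND alignment."""
    rec = ET.fromstring(record_xml)
    header_from = rec.findtext("identifiers/header_from")
    verdict = {"dkim": "fail", "spf": "fail"}
    for mech in verdict:
        for res in rec.findall(f"auth_results/{mech}"):
            if res.findtext("result") == "pass" and aligned(res.findtext("domain"), header_from, strict):
                verdict[mech] = "pass"
    reported = {m: rec.findtext(f"row/policy_evaluated/{m}") for m in verdict}
    return verdict, reported

if __name__ == "__main__":
    print(evaluate(SAMPLE_RECORD))
```

SPF comes out as fail because `eu-west-1.amazonses.com` passed the SPF check but shares no organizational domain with the From header, while the DKIM signature for the From domain is both passing and aligned.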

0 Answers