SPF and DKIM pass, but DMARC does not. How to decide?

K

kolomietsv2021-02-04 14:42:38

gmail

kolomietsv, 2021-02-04 14:42:38

I'm trying to send Gmail emails from different domain names using the same email account and I'm getting dmarc = fail
For example, I have:
example.com (the domain of the organization that the mailbox account is created under);
need.com (an additional domain added as an alias, there can be many).

I want to give users the ability to send emails as @need.com using an alias in their account settings.

The problem is that all messages end up in spam with DMARC policies.

Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=20150623 header.b="y0qDXN/D";
spf=pass (google.com: domain of [email protected] designates 209.85.220.41 as permitted sender)
[email protected];
dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=QUARANTINE) header.from=need.com

Needs to be configured so that everything works correctly with the DMARC quarantine policy. Is it possible? Does anyone have a practical solution to this problem?
Presumably the problem is in the difference between headers.
Thanks in advance for any help.

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Vladimir, 2021-02-04
@MechanID

Is the sender with your domain in the "From:" (RFC5322:From field) field in outgoing emails? since dmarc performs checks against the domain from this field.

V

Vladimir Dubrovin, 2021-02-04
@z3apa3a

You have the need.com domain in From, while in the SPF (SMTP envelope) the address is example.com and in the DKIM the domain is need-com.20150623.gappssmtp.com. For DMARC to pass, the SPF or DKIM must be from the same domain as used in From up to the organization's domain. Set up DKIM for your domain, now you only have the default google pseudo-signature and use in the SMTP envelope (MAIL FROM) an address from the same domain as used in From.