Domain-based Message Authentication, Reporting & Conformance (DMARC) is a standard that helps prevent spoofing by verifying the sender’s identity. If an email fails DMARC validation, it often means t...
Can anyone explain why this email was marked as DMARC=Pass by Exchange? When compauth=pass, does it override the DMARC value even if DMARC Failed?
Returning to this question, received headers in PM. DMARC result is valid, DKIM-Signature for d=paypal.com is stamped on the email.
Last ARC-Authentication-Results header also confirms that DKIM=pass for header.d=paypal.com, which aligns to header.from=paypal.com => DMARC pass
Authentication-Results header sadly does not display the aligned domain DKIM verdict.
Here it just decides to expose the other random DKIM-Signature that also happened to pass but could not contribute to DMARC pass due to lack of alignment. Could be improved for easier admin review of email auth verdict.
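For admins reviewing such a message, here is an added example (not part of the original thread, and not Microsoft's code) that lists every SPF/DKIM verdict in an Authentication-Results style header with its alignment to header.from. The two header values are constructed samples, `example.net` stands in for the unaligned signer, and relaxed alignment is approximated by a label-boundary suffix match instead of a Public Suffix List lookup.

```python
import re

def parse_auth_results(value):
    """Split an (ARC-)Authentication-Results value into (method, result, props)."""
    value = re.sub(r"\([^()]*\)", " ", value)  # drop parenthesised comments
    parsed = []
    for clause in value.split(";"):
        m = re.match(r"\s*([\w-]+)=(\w+)(.*)", clause, re.S)
        if not m:
            continue  # authserv-id or empty clause
        props = dict(re.findall(r"([\w.-]+)=(\S+)", m.group(3)))
        parsed.append((m.group(1).lower(), m.group(2).lower(), props))
    return parsed

def aligned(domain, from_domain):
    """Approximate relaxed alignment (assumption: no Public Suffix List)."""
    a, b = domain.lower().rstrip("."), from_domain.lower().rstrip(".")
    return a == b or a.endswith("." + b) or b.endswith("." + a)

def dmarc_view(value):
    """Return (header.from, [(method, domain, result, aligned)], explained)."""
    results = parse_auth_results(value)
    from_domain = next((p["header.from"] for m, _, p in results
                        if m == "dmarc" and "header.from" in p), None)
    rows = []
    for method, result, props in results:
        key = {"dkim": "header.d", "spf": "smtp.mailfrom"}.get(method)
        if key and key in props and from_domain:
            dom = props[key].rsplit("@", 1)[-1]  # mailfrom may be an address
            rows.append((method, dom, result, aligned(dom, from_domain)))
    # DMARC passes when at least one passing identifier is aligned.
    explained = any(r == "pass" and al for _, _, r, al in rows)
    return from_domain, rows, explained

# Constructed sample: only the unaligned DKIM signature is exposed.
AR_SAMPLE = ("spf=pass (sender IP is 203.0.113.10) smtp.mailfrom=bounce.example.net; "
             "dkim=pass (signature was verified) header.d=example.net; "
             "dmarc=pass action=none header.from=paypal.com; compauth=pass reason=100")
# Constructed sample: the aligned DKIM signature is listed.
ARC_SAMPLE = ("i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=bounce.example.net; "
              "dmarc=pass action=none header.from=paypal.com; "
              "dkim=pass header.d=paypal.com; arc=none")

if __name__ == "__main__":
    for name, sample in (("Authentication-Results", AR_SAMPLE),
                         ("ARC-Authentication-Results", ARC_SAMPLE)):
        print(name, dmarc_view(sample))
```

When `explained` is false but the header still says dmarc=pass, the aligned verdict is simply not shown in that header, so check the ARC-Authentication-Results and DKIM-Signature headers before treating the result as an override.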