cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
SOLVED

Outbound emails failing to Gmail

Patrick660
Copper Contributor

‎Mar 20 2023 03:36 AM

‎Mar 20 2023 03:36 AM

Outbound emails failing to Gmail

I'm having an issue with outbound emails failing to Google accounts. SPF, DKIM, and DMARC are all setup corectly for the domain.

The DMARC report shows the source IP as a valid Exchange Online IP.

The DMARC report shows the SPF both failing and passing which is confusing me.

 

I'd really appreciate any guidance on how to correctly update the DNS records or if I would need to try get in touch with Google.

 

Relevant screenshot below as well as the text of the DMARC report here:

 

<date_range>
<begin>1679184000</begin>
<end>1679270399</end>
</date_range>
</report_metadata>
<policy_published>
<domain>halyard.eu.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>quarantine</p>
<sp>quarantine</sp>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>2a01:111:f400:fe0c::312</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>xxxcom</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>xxxx.com</domain>
<result>pass</result>
<selector>selector2</selector>
</dkim>
<spf>
<domain>xxxx.outbound.protection.outlook.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>

Labels:
Preview file
45 KB
1,014 Views
0 Likes
2 Replies
Reply
2 Replies
best response confirmed by Patrick660 (Copper Contributor)
Michel de Rooij

‎Mar 21 2023 07:31 AM

‎Mar 21 2023 07:31 AM

Solution

Re: Outbound emails failing to Gmail

The SPF pass is for authentication (it's in the auth_results section); the SPF fail is for alignment (same goes for DKIM). This means the domain used at From doesn't match the one presented in Return-Path. In default (SPF alignment is relaxed, not strict). this should result in a pass verdict for the message, but the alignment will of course still be fail.

Feed your DMARC report here to have a more readable output
https://dmarcian.com/xml-to-human-converter/
1 Like
Reply
Patrick660

‎Mar 21 2023 08:30 AM

‎Mar 21 2023 08:30 AM

Re: Outbound emails failing to Gmail

That now makes sense with the link provided. Thank you Michel.
0 Likes
Reply
1 best response

Accepted Solutions
best response confirmed by Patrick660 (Copper Contributor)
Michel de Rooij

‎Mar 21 2023 07:31 AM

‎Mar 21 2023 07:31 AM

Solution

Re: Outbound emails failing to Gmail

The SPF pass is for authentication (it's in the auth_results section); the SPF fail is for alignment (same goes for DKIM). This means the domain used at From doesn't match the one presented in Return-Path. In default (SPF alignment is relaxed, not strict). this should result in a pass verdict for the message, but the alignment will of course still be fail.

Feed your DMARC report here to have a more readable output
https://dmarcian.com/xml-to-human-converter/

View solution in original post

1 Like
Reply