I'm facing a perplexing issue with Gmail's Postmaster Tools regarding the reporting of SPF, DKIM, and DMARC for emails sent to Gmail addresses. Despite the email headers and third-party validation tools indicating that SPF, DKIM, and DMARC are correctly configured and passing, Gmail's Postmaster Tools reports failures in DMARC and DKIM.
Here's a detailed outline of the situation:
Gmail Postmaster Tools Issue: Reports failures in DMARC and DKIM.
Email Headers: Indicate that SPF, DKIM, and DMARC are passing.
Third-party Tools: Confirm that my SPF, DKIM, and DMARC configurations are correct.
DMARC Reports: Specifically, DMARC aggregate reports from Google show that SPF and DKIM are passing (see the example report below).
<feedback>
...
<policy_published>
<domain>domain.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>quarantine</p>
<sp>quarantine</sp>
<pct>100</pct>
<np>quarantine</np>
</policy_published>
<record>
<row>
<source_ip>82.223.xx.xxx</source_ip>
<count>29</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
...
<auth_results>
<dkim>
<domain>domain.com</domain>
<result>pass</result>
<selector>nvio</selector>
</dkim>
<spf>
<domain>sub.domain.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
And this is the postmaster "Authenticated Traffic". Don't ask me for the glitch of 25th. It's a mystery.
Additional info:
There is no _dmarc.sub.domain.com txt record. The _dmarc.domain.com txt record is : "v=DMARC1;p=quarantine;pct=100;rua=mailto:dmarcreports@;ruf=mailto:dmarcreports@"
SPF is for sub.domain.com
The Return-path and the mta MAIL FROM: is for sub.domain.com
The From: header is from domain.com
The DKIM selector is: selector._domainkey.domain.com