The SPF failure is not preventing email from sending, but I'm curious if there's a way to get it to pass. Is there any scenario where an email server would reject receipt based on this DMARC record?
<?xml version="1.0"?>
<feedback>
<report_metadata>
<org_name>Verizon Media</org_name>
<email>[email protected]</email>
<report_id>1619141439.695059</report_id>
<date_range>
<begin>1619049600</begin>
<end>1619135999</end>
</date_range>
</report_metadata>
<policy_published>
<domain>openpathtutoring.com</domain>
<adkim>r</adkim>
<aspf>r</aspf>
<p>none</p>
<pct>100</pct>
</policy_published>
<record>
<row>
<source_ip>12.345.678.90</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>openpathtutoring.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>bnc3.mailjet.com</domain>
<selector>mailjet</selector>
<result>pass</result>
</dkim>
<dkim>
<domain>openpathtutoring.com</domain>
<selector>mailjet</selector>
<result>pass</result>
</dkim>
<spf>
<domain>bnc3.mailjet.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
</feedback>
SPF record:
v=spf1 include:spf.mailjet.com ?all
I'm not sure why that SPF check is failing since the IP it is reporting for is included in the mailjet SPF, which covers
87.253.232.0-87.253.239.255in its first subnet. I would expect it not to be counted because your SPF uses a default?allmechanism, which is about equivalent to not having an SPF record at all, plus your DMARC record saysp=none, so you're asking receivers not to reject messages even if they fail to verify.In short, I would not expect a mail server to reject anything on the basis of the settings you have.