I've set up SPF, DKIM, and now DMARC (reporting only) on my site. Sometimes when my site sends me an email, I can see that my GMail inbox has evaluated SPF:Pass, DKIM:Pass, and DMARC:Pass, but sometimes I only get SPF:Pass and DKIM:Pass, with no mention of DMARC. Do mail servers sometimes skip DMARC tests? Maybe for whitelisted domains or cached senders?
Asked
Active
Viewed 316 times
2 Answers
1
Generally speaking, DMARC is only needed when SPF or DKIM lookups fail, as their main purpose is to say what to do in the event of a failure. There's no particular reason to look up DMARC if SPF and DKIM pass, but I guess gmail must just do it anyway sometimes. Many mail servers don't do SPF, DKIM, or DMARC tests at all. If you had a case where gmail was failing a check and not looking up DMARC, I'd be a bit more concerned.
Synchro
- 35,538
- 15
- 81
- 104
-
DMARC isn't only required when SPF or DKIM fail... It is possible for both SPF and DKIM to pass, but DMARC still needed to fail. eg When a sending account has been compromised, SPF will validate for the compromised envelope domain, the message content could have a different domain forged in the From headers when authored but will still pass DKIM because they are unmodified after sending, then DMARC could look at the bigger picture and identify that the domain names aren't aligned. – Gavin Jackson Jun 04 '18 at 08:30
0
If you can provide the email header of email where gmail skipped DMARC results, we can analyze the issue. If the FROM domain has configured DMARC record, then gmail definitely do DMARC checks and results will be added on the email header. DMARC results will only be skipped when there is no DMARC record found on FROM domain.
Cheers,
Sundaralingam Subramaniyan
