On 3/20/21 4:00 PM, mailman3@digicrime.com wrote:
My understanding was that DMARC is merely a superset of DKIM+SPF along with some other policies. I have that set up on some of my domains. The weird part is that DKIM and SPF both passed, but DMARC was failing - I didn't realize it can happen but apparently it can: https://dmarcian.com/how-can-spfdkim-pass-and-yet-dmarc-fail/
Your reference explains it. DMARC requires a valid SPF or DKIM sig with a domain which "aligns" with the domain of the From: address. Your valid SPF and DKIM signature from your domain will not be enough for DMARC to pass because your domain won't "align" with the From: domain. "align" is a technical term defined in RFC 7489. This is what ARC (RFC 8617) is trying to address.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan