Hi Mike, That's not quite right. A DMARC pass is achieved where: policy_evaluated/dkim = pass *and/or *policy_evaluated/spf = pass
To successfully pass DMARC doesn't require both checks to pass, an SPF pass OR a DKIM pass is sufficient. DMARC doesn't check both SPF and DKIM as a sort-of two-factor authentication; it checks both to broaden the options for successfully authenticating legitimate mail. So there are 3 DMARC pass scenarios in <policy_evaluated>: <dkim>pass</dkim><spf>pass</spf> <dkim>pass</dkim><spf>fail</spf> <dkim>fail</dkim><spf>pass</spf> And one fail scenario: <dkim>fail</dkim><spf>fail</spf> Regards, Todd
_______________________________________________ dmarc-discuss mailing list [email protected] http://www.dmarc.org/mailman/listinfo/dmarc-discuss NOTE: Participating in this list means you agree to the DMARC Note Well terms (http://www.dmarc.org/note_well.html)
