Overview
Large email providers are beginning to enforce DMARC policies more strictly. Without proper authentication, emails may not be delivered or may be quarantined in your institution's email filter. Encountering DMARC failures for Campaign emails can pose challenges in ensuring email authenticity and deliverability. Understanding the email headers, particularly the Authentication-Results section, provides crucial insights into the issue.
Here’s a sample excerpt:
…
Authentication-Results: spf=pass (sender IP is 54.240.44.159)
smtp.mailfrom=amazonses.com; dkim=pass (signature was verified)
header.d=amazonses.com;dmarc=fail action=quarantine
header.from={INSTITUTION DOMAIN}.edu;compauth=fail reason=000
Received-SPF: Pass (protection.outlook.com: domain of amazonses.com designates
54.240.44.159 as permitted sender) receiver=protection.outlook.com;
…
Note the highlighted rows - the header.from is the institution’s domain, and we have a DMARC failure on the header.d auth.
DMARC authentication is failing because SSE is not sending the email with a DKIM key for the institution’s domain.
If you encounter this issue, please reach out to the Support team by Submitting A Request indicating you’d like the services team to add a DKIM key for your institution’s domain. After our services team sets up the DKIM key, your institution will receive DNS records to publish. Once these are published, and the DKIM key verified, the DMARC failure will be resolved.