From Email Address DMARC Failure

Overview

Large email providers are beginning to enforce DMARC policies more strictly. Without proper authentication, emails may not be delivered or may be quarantined in your institution's email filter. Encountering DMARC failures for Campaign emails can pose challenges in ensuring email authenticity and deliverability. Understanding the email headers, particularly the Authentication-Results section, provides crucial insights into the issue.

Here’s a sample excerpt:

Authentication-Results: spf=pass (sender IP is 54.240.44.159)

 

smtp.mailfrom=amazonses.com; dkim=pass (signature was verified)

 

header.d=amazonses.com;dmarc=fail action=quarantine

 

header.from={INSTITUTION DOMAIN}.edu;compauth=fail reason=000

 

Received-SPF: Pass (protection.outlook.com: domain of amazonses.com designates

 

54.240.44.159 as permitted sender) receiver=protection.outlook.com;

Note the highlighted rows - the header.from is the institution’s domain, and we have a DMARC failure on the header.d auth. 

DMARC authentication is failing because SSE is not sending the email with a DKIM key for the institution’s domain. 

If you encounter this issue, please reach out to the Support team by Submitting A Request indicating you’d like the services team to add a DKIM key for your institution’s domain. After our services team sets up the DKIM key, your institution will receive DNS records to publish. Once these are published, and the DKIM key verified, the DMARC failure will be resolved.

 

Articles in this section

How to Contact Support
There are many ways to reach out! Click here for our support options.
Watermark Academy
Click to access the Watermark Academy for consultation, training, and implementation companion courses.
Customer Community
Can’t find the answer? Ask fellow users how they’re making the most of Watermark in our Community!