From Email Address DMARC Failure


Large email providers are beginning to enforce DMARC policies more strictly. Without proper authentication, emails may not be delivered or may be quarantined in your institution's email filter. Encountering DMARC failures for Campaign emails can pose challenges in ensuring email authenticity and deliverability. Understanding the email headers, particularly the Authentication-Results section, provides crucial insights into the issue.

Here’s a sample excerpt:

Authentication-Results: spf=pass (sender IP is; dkim=pass (signature was verified);dmarc=fail action=quarantine


header.from={INSTITUTION DOMAIN}.edu;compauth=fail reason=000


Received-SPF: Pass ( domain of designates as permitted sender);

Note the highlighted rows - the header.from is the institution’s domain, and we have a DMARC failure on the header.d auth. 

DMARC authentication is failing because SSE is not sending the email with a DKIM key for the institution’s domain. 

If you encounter this issue, please reach out to the Support team by Submitting A Request indicating you’d like the services team to add a DKIM key for your institution’s domain. After our services team sets up the DKIM key, your institution will receive DNS records to publish. Once these are published, and the DKIM key verified, the DMARC failure will be resolved.


Articles in this section

How to Contact Support
There are many ways to reach out! Click here for our support options.
Watermark Academy
Click to access the Watermark Academy for consultation, training, and implementation companion courses.
Watermark Customer Community
Engage and connect with others!