DMARC for AmazonSES fails. Why

amazon-sesdmarc

I've setup SPF and DKIM for my custom domain to send emails.
While SPF and DKIM tests pass, the DMARC test fails for emails that have reply-to address different from "From" field.
My SPF record:

v=spf1 include:amazonses.com include:_spf.google.com -all

My DMARC record:

v=DMARC1; p=none; pct=100; rua=mailto:dmarc-rua@mydomain.com; ruf=mailto:reports@mydomain.com

Headers from the email sent:

Delivered-To: contact@mydomain.com
Received: by 10.129.165.193 with SMTP id c184csp206242ywh;
        Thu, 19 May 2016 03:56:53 -0700 (PDT)
X-Received: by 10.233.239.210 with SMTP id d201mr13984760qkg.41.1463655413313;
        Thu, 19 May 2016 03:56:53 -0700 (PDT)
Return-Path: <01000154c8a933ce-e7e039ee-6c9d-4e64-9693-28708e049ecf-000000@amazonses.com>
Received: from a8-86.smtp-out.amazonses.com (a8-86.smtp-out.amazonses.com. [54.240.8.86])
        by mx.google.com with ESMTPS id g90si11881962qgg.13.2016.05.19.03.56.53
        for <contact@mydomain.com>
        (version=TLS1 cipher=ECDHE-RSA-AES128-SHA bits=128/128);
        Thu, 19 May 2016 03:56:53 -0700 (PDT)
Received-SPF: pass (google.com: domain of 01000154c8a933ce-e7e039ee-6c9d-4e64-9693-28708e049ecf-000000@amazonses.com designates 54.240.8.86 as permitted sender) client-ip=54.240.8.86;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@amazonses.com;
       spf=pass (google.com: domain of 01000154c8a933ce-e7e039ee-6c9d-4e64-9693-28708e049ecf-000000@amazonses.com designates 54.240.8.86 as permitted sender) smtp.mailfrom=01000154c8a933ce-e7e039ee-6c9d-4e64-9693-28708e049ecf-000000@amazonses.com;
       dmarc=fail (p=NONE dis=NONE) header.from=mydomain.com
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=6gbrjpgwjskckoa6a5zn6fwqkn67xbtw; d=amazonses.com; t=1463655412;
    h=From:Reply-To:To:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID:Date:Feedback-ID;
    bh=F8+/Ni/QwQrszhKD2uANwAa3fcsUlA2ym/y/2fXINhY=;
    b=AlNNHzoGT1Ezy9haiRXTLviRYW5XGIGE8IXIMjGcLxogxh2tSPGCOt7yJCix/sI0
    5sGh1EHuBHkrd3sTlQ5i5/O2/ci+dXc47mS7Efo8snkyVK7Kf8FlfwsrTontTGoUJWB
    L76+pQCzbzs+HZS9HXym8EO7ZEWp+7g33IX+W0oE=
From: "MYDOMAIN.COM" <no-reply@mydomain.com>
Reply-To: someaddress@gmail.com
To: contact@mydomain.com

What could be an issue here?

Best Answer

Your DKIM is unaligned and your SPF might be un-aligned (I can't tell without real domain names) and that will cause your DMARC to fail. One of the two must be in alignment, you can read more about that here: Indentifier Alignments

You can also send an email to mailtest@unlocktheinbox.com and will pinpoint the DMARC issue. But the DMARC report section of the report is a paid feature, but it's cheap.

Related Topic