I've been tasked with setting up DKIM, SPF and DMARC for a business. I come from more of a development background, so as a result, I've been a bit confused about how to interpret the DMARC reports I'm seeing.
I'm using a DMARC report analyzer (DMARCreport), and it's showing some spam-y emails as DKIM aligned and DKIM verdict "pass". I don't understand how these emails are passing DKIM, since the only service that is set up to sign with DKIM is Google Workspace, and again these emails don't appear to be legitimate emails, and are also failing SPF.
Does "DKIM aligned" in the report mean simply that the From header matched the "d" domain value in the DKIM signature, or does it actually verify the keys using cryptography?
If it does actually cryptographically verify, any idea why I'm seeing spam-y emails showing as DKIM aligned?
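As an added example that is not part of the original post: in an RFC 7489 aggregate report, each record carries both the reporter's DMARC verdict (`policy_evaluated/dkim`) and the individual signature checks behind it (`auth_results/dkim`, with the `d=` domain, selector and verification result). The sketch below reads one constructed record and shows which signature produced the aligned pass; the sample XML, its domains and selectors, and the two-label `org_domain` shortcut are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample record in the RFC 7489 aggregate-report layout (not real data).
SAMPLE = """<feedback>
  <policy_published><domain>example.com</domain><adkim>r</adkim></policy_published>
  <record>
    <row><source_ip>203.0.113.7</source_ip><count>3</count>
      <policy_evaluated><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
    <identifiers><header_from>example.com</header_from></identifiers>
    <auth_results>
      <dkim><domain>example.com</domain><selector>google</selector><result>pass</result></dkim>
      <dkim><domain>relay.example.net</domain><selector>s1</selector><result>pass</result></dkim>
      <spf><domain>relay.example.net</domain><result>pass</result></spf>
    </auth_results>
  </record>
</feedback>"""

def org_domain(name):
    # Assumption: the last two labels approximate the organizational domain.
    # A production check must use the Public Suffix List instead.
    return ".".join(name.lower().rstrip(".").split(".")[-2:])

def aligned(sig_domain, header_from, mode):
    # adkim "s" (strict) needs an exact match; "r" (relaxed) compares org domains.
    if mode == "s":
        return sig_domain.lower() == header_from.lower()
    return org_domain(sig_domain) == org_domain(header_from)

def explain_records(xml_text):
    root = ET.fromstring(xml_text)
    mode = root.findtext("policy_published/adkim") or "r"  # relaxed is the default
    out = []
    for rec in root.iter("record"):
        header_from = rec.findtext("identifiers/header_from") or ""
        sigs = [{"d": d.findtext("domain") or "",
                 "selector": d.findtext("selector"),
                 "verified": d.findtext("result") == "pass"}
                for d in rec.findall("auth_results/dkim")]
        for s in sigs:
            s["aligned"] = aligned(s["d"], header_from, mode)
        # DMARC DKIM passes only if one signature both verified and aligned.
        ok = any(s["verified"] and s["aligned"] for s in sigs)
        out.append({"source_ip": rec.findtext("row/source_ip"),
                    "reported_dkim": rec.findtext("row/policy_evaluated/dkim"),
                    "reported_spf": rec.findtext("row/policy_evaluated/spf"),
                    "recomputed_dkim": "pass" if ok else "fail",
                    "signatures": sigs})
    return out

if __name__ == "__main__":
    for r in explain_records(SAMPLE):
        print(r)
```

The selector on the aligned, verified signature identifies which published key the receiver checked, which can be compared against the selectors actually published for the domain.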