I have been testing my DMARC policy for some weeks and I ran into this issue. Background:
- SPF - setup and working
- DKIM - set up and working (AFIK)
- DMARC - set up and working - looking for alignments and reject set to 100
For the most part, this is working great. Rejects the spoofers with only one exception. A video creation company (with a track record of spamming) is able to spoof my email when going through Google.
Here is a sample record. Assume "example.com" is my company and "(spoofing domain).cc" is the spoofer. I get why the pass SPF as that has to do with Google's forwarding. I don't get how they pass DKIM.
<record>
<row>
<source_ip>209.85.220.41</source_ip>
<count>1</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>pass</dkim>
<spf>fail</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>example.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>example.com</domain>
<result>pass</result>
<selector>selector1</selector>
</dkim>
<spf>
<domain>(spoofing domain).cc</domain>
<result>pass</result>
<spf>
<auth_results>
<record>