I recently helped a friend implement DMARC/DKIM/SPF and got a report that makes no sense to me.
Their domain is hosted on SquareSpace, they use Google Apps for email, and Mailchimp for mailing lists. All of that stuff is configured correctly and is working well.
The oddity (to me) is as follows:
They received a DMARC report from AmazonSES; this does not make sense to me as they don't have anything that sends through AmazonSES and I don't believe you can send TO an Amazon SES recipient. How can this happen?
The DMARC report noted DKIM passing for both their domain (so the Google Apps integration is correct) but also {UNRELATED_DOMAIN}.onmicrosoft.com. The source IPs are all Microsoft servers. This makes no sense to me, as they don't knowingly use Microsoft. I also don't understand how a message could have a valid DKIM signature from both Google and Microsoft. I guess it is possible that Microsoft was somehow relaying a valid message that originated on Google, but I can't figure out how or why.
Any suggestions on helping me figure this out would be greatly appreciated. Thank you.