We're using Microsoft 365 (outlook.office.com) for our company emails and have had DKIM set up for a while, but recently added a DMARC record. I now got a DMARC report from Google where every record has <dkim>fail</dkim>
while all auth_results
in it have "pass", like this:
<record>
<row>
<source_ip>2a01:111:f403:260d::601</source_ip> <!-- mail-db5eur01on0601.outbound.protection.outlook.com.
-->
<count>2</count>
<policy_evaluated>
<disposition>none</disposition>
<dkim>fail</dkim>
<spf>pass</spf>
</policy_evaluated>
</row>
<identifiers>
<header_from>COMPANYDOMAIN.com</header_from>
</identifiers>
<auth_results>
<dkim>
<domain>SENDERDOMAIN.onmicrosoft.com</domain>
<result>pass</result>
<selector>selector2-SENDERDOMAIN-onmicrosoft-com</selector>
</dkim>
<spf>
<domain>COMPANYDOMAIN.com</domain>
<result>pass</result>
</spf>
</auth_results>
</record>
What does this mean? How do I troubleshoot why DKIM validation fails here?
When I test it by sending to dkimvalidator.com it reports "result = pass" for DKIM (and for SPF).