DMARC failed, but SPF pass

Solution 1:

The reason for the DMARC fail on SPF policy (<policy_evaluated><spf>fail) despite the SPF check passing (<auth_results><spf><result>pass) is that your SMTP "mailFrom" (envelope MAIL From or RFC 5321.MailFrom) & your header "From" fields are out of alignment. I can't be sure from the extract you posted, but it's the likely answer.

e.g. if your mail system sets the envelope MAIL From to <[email protected]>, but your header From says the reply address is <[email protected]> the domains are out of alignment & the DMARC evaluation of SPF will fail, even though you have included mail.provider.tld in your SPF record.

These articles may help:

• https://stackoverflow.com/questions/33288490/dmarc-spf-dkim-not-authenticating-with-third-party-mail
• https://blogs.msdn.microsoft.com/tzink/2013/04/27/how-to-setup-dmarc-records-if-you-are-outsourcing-some-or-all-of-your-email-part-1 & https://blogs.msdn.microsoft.com/tzink/2013/04/27/how-to-setup-your-dmarc-records-if-you-are-outsourcing-some-or-all-of-your-email-part-2

As Henry said, you only require one of the two tests (SPF or DKIM) to be in alignment for DMARC to pass.

Solution 2:

I don't know much about that testing location, I use [email protected] as my main go to email tester. That aside, DMARC can fail, if your SPF is not aligned this is called the ASPF test. DMARC requires SPF, DKIM or Both. Since you have SPF working, the only thing that comes to mind will be that possibly your ASPF Test is failing, or the tester has a possible bug. I did test my email with that test and it did indicate that I passed DMARC.