This is an automated archive.
The original was posted on /r/sysadmin by /u/The-2-DB on 2023-09-27 10:21:57+00:00.
I’ve been helping my organisation deal with an issue where emails from @myorg.onmicrosoft.com to more than one Gmail address will cause Gmail to block the message to all recipients (see here for more info).
I’ve confirmed that SPF, DMARC and DKIM is configured correctly for my domain using
When I look at the headers of an email from my domain to a Gmail address, I see the following (excerpts included below)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;...
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;...
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=myorg.onmicrosoft.com; dmarc=pass action=none
header.from= myorg.onmicrosoft.com; dkim=pass
header.d= myorg.onmicrosoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d= myorg.onmicrosoft.com; s=selector2-myorg-onmicrosoft-com;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=x...
From: Joe Boggs [joe@myorg.onmicrosoft.com](mailto:joe@myorg.onmicrosoft.com)
To: "[test@dkimvalidator.com](mailto:test@dkimvalidator.com)" [test@dkimvalidator.com](mailto:test@dkimvalidator.com)
Subject: Hello
Thread-Topic: Hello
authentication-results: dkim=none (message not signed)
header.d=none;dmarc=none action=none header.from=myorg.onmicrosoft.com;
My question is why does the authentication-results
header say ‘message is not signed’ but the ARC-Authentication-Results
header says DKIM has passed?
You must log in or register to comment.