AWS SES - SPF Raw Pass but DMARC Fail-unaligned

Hello All-

I’m a new user and I’m having a hard time understanding why email that has been sent from an authorized source (AWS SES) is showing SPF DMARC as “fail-unaligned”. This is happening despite the IP address shown in the “IP” column being directly included in my SPF record (It’s a dedicated IP from AWS).

The funny thing is that the SPF “Raw” column shows as “pass”. So if that passes, why is the DMARC SPF listed as “fail-unaligned”?

As a note, the DKIM DMARC does show as aligned so this is a pass, but it should be a pass on SPF as well.

See image below for reference.

Thank You!

Unaligned DMARC on SPF means that the RFC 5321 & RFC 5322 address domains don’t match.

The RFC 5321 address is the email address used in the SMTP transaction. You will sometimes see it referred to as the return-path. In your example it is amazones.com.

The RFC 5322 address is the From address that is included in the email itself. In your sample image, this is the blurred domain in the first column. Since these domains do not match you cannot pass DMARC with your SPF, even though the raw SPF passes.

I can’t really comment on your DKIM alignment in any detail since most of the relevant columns are truncated in your image.

LinkP,
Thanks very much for the clear explanation, appreciate it.

Cheers!