My client has an email provider that is using AWS for sending emails. This works fine and emails are DKIM signed with proper alignment.
On some emails, the client (using O365 for incoming emails) puts themselves as BCC. These emails are delivered Dmarc compliant and without issues to the recipient in TO.
At the recipient in BCC (same as the sender) Microsoft claims that Dmarc fails. The header of the email to the BCC address is available below. SPF is not aligned for reasons so we need to rely on DKIM. The email contains 2 DKIM signatures, one aligned with the sender. Microsoft does however not seem to use this signature for evaluation, is that correctly interpreted from my end?
Why does this email pass Dmarc with the recipient in TO (at Google) and not with the recipient in BCC (at Microsoft)?
Authentication-Results: spf=pass (sender IP is 54.240.3.18)
smtp.mailfrom=eu-west-1.amazonses.com; dkim=pass (signature was verified)
header.d=amazonses.com;dmarc=fail action=quarantine
header.from=client-domain.com;compauth=fail reason=000
Received-SPF: Pass (protection.outlook.com: domain of eu-west-1.amazonses.com
designates 54.240.3.18 as permitted sender) receiver=protection.outlook.com;
client-ip=54.240.3.18; helo=a3-18.smtp-out.eu-west-1.amazonses.com; pr=C
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=x7p3csefwpnc4doyyxbwyl34ozlaiizg; d=client-domain.com; t=1725179837;
h=From:Reply-To:To:Subject:MIME-Version:Content-Type:Message-ID:Date;
bh=yfazGShthFakbrrj6CUQq+aA4j9PGLB+w9S64PhnoA8=;
b=Yvoz2yvqXAtdO/NAE74fj+TRAoBVvgwbn81NSX5dV//T27UpRM3TeEnjhukFH2XA
eEDT9mmk8t5GHZwMUtlewqJ1vGMZsl4NzhEFFxSGIvYzGyl6FURJVaR2pZH5QjzVbMZ
aP1nnB5U81grskpymIgA+1pG0Vd49SF2iSHpEkwI=
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
s=uku4taia5b5tsbglxyj6zym32efj7xqv; d=amazonses.com; t=1725179837;
h=From:Reply-To:To:Subject:MIME-Version:Content-Type:Message-ID:Date:Feedback-ID;
bh=yfazGShthFakbrrj6CUQq+aA4j9PGLB+w9S64PhnoA8=;
b=XeL/vdW1ExcPnsZkVZ5iBSqHPLh3sefrOJpiMoPd7e8eC59XUGlF2/9+A3WzBQ5t
JTNXnEMtAu9SUwn5FnL4AhmfttZyPJlrM47Z996oatPhz7ZV/QyD80LCL72iDqWf7V8
WUKSjRXg9jWssEcr+1d9Xnl727TKo7+0TZQco3xY=
From: =?UTF-8?Q?Sender?= <info@client-domain.com>
Reply-To: info@client-domain.com
To: random-address@gmail.com