I am pretty new to dmarcian and I’ve set up our parked domains with spf hardfails and our active sending domain uses the spf record of our hosted exchange provider. For now, the dmarc policy is set to none in order to gather more data before moving to the quarantine tag.
because of limited technical capabilities, we are not able to use DKIM until our provider has made some changes to their infrastructure until later this year.
Now, I’ve seen one source popping up as threat every once in a while. The reporter is google and the dkim entry points to the trustee of our Argentinian branch. The PTR record shows the server used is from toservers.com. I am not exactly sure what to make out of this.
Since according to the dkim entry in the report shows its our ARG trustee, I don’t think something shady is going on there, but I want to make sure. How can I make sense of theses threat reports?