SPF, DKIM pass, DMARC fails, confirm path correctly set

Hi there

I’m trying to determine why a mails sent by a third party mailer (php mailer via LimeSurvey) through smtp via mail provider google apps are failing checks in dmarc reports - can anyone help?: The domain is learningtoflourish.co.uk and a typical example is here:

(report at Dmarcian without html link) /pUhkLnRsar8xbSA4/

So far I’ve tried the following:

  • Verify that my spf policy is set correctly (“v=spf1 a ip4: include:_spf.google.com ~all”). This confirms that the third party mailer hosted at is permitted

===> but do I need to add domain name ares.krystal.co.uk in the include section?

  • Check that the return path on my third party mailer (php mailer via LimeSurvey) are set correctly: bouncepath is an email address from the correct domain (…@learningtoflourish.co.uk-


diagnosing this sort of failure is one of the best use cases for DMARC. I found the correct link for that report: https://us.dmarcian.com/dmarc-xml/details/pUhkLnRsar8xbSA4/

It looks like messages sent from the ‘krystal.co.uk’ environment are completely failing DMARC; no DKIM signing and the SPF authentication domain does not match your From header domain. Adding ares.krystal.co.uk to your SPF record will not help. Since the SPF domain in use is ‘ares.krystal.co.uk’, that is the location that receivers are looking for an SPF record. Your domain learningtoflourish.co.uk and any SPF entries there are completely irrelevant to this traffic, since no receivers will look for SPF there.
You need to get that sender to use your domain in the mail-from (SPF domain), and/or sign DKIM for your domain.