Why is DMARC, DKIM, and SPF failing at custom domain in Office 365

Third party used for DNS and web hosting. Third party has valid SPF, DKIM and DMARC records. Authentication section of email headers on received email indicates “pass” for SPF, DKIM, and DMARC. Dmarcian reports valid DMARC but no DKIM Signing. Outlook email results show failed SPF, failed DKIM and failed DMARC.
Also, numbers reported do not add up to expected totals.
Any Thoughts?

Hi gmparsons,

There could be many variable at play here. However at the base, our platform processes what is sent to us. We don’t make up data, we simply process the XML reports themselves. The most common variables to consider are that some reporters will report either wrong, or delayed data. Also, not all receivers report DMARC aggregate data, meaning the volume reported via aggregate reports can be smaller than the true volume sent by any given email source.

Those are the most common, but by no mean exhaustive and I would not be able to comment further without a thorough review of the sending data, received emails, and reported XML.

I hope this helps!

AM