I have seen a DMARC report for my org which displays DMARC as partially passed.
When I looked into it, it mentioned that SPF failed but DKIM passed for all of these records.
The policy is set to none as we are still analyzing the reports.
I thought that when SPF fails, DKIM should also fail by default, as the email gateway through which the email is sent last would also sign it by default with its DKIM, even if it is just forwarding the email. Or do the forwarders not sign, so that there is no DKIM used while forwarding?
I have read about this but could not reach a solid conclusion.
Some of the blogs mention that this happens if the receiver sets up a forwarder to another email address and the message carries the original DKIM signature, which is intact and not altered, and DMARC checks for the original DKIM signature, not the one which was used to forward the email (in case it was signed by that email gateway or domain), as an email passes through multiple email gateways/relays/domains until it finally reaches the recipient’s inbox.
Meanwhile, it says SPF failed, as it now checks who the last sender was and which email gateway it came from, instead of the original one, which it did while checking DKIM.
I am a bit confused about this, and if there is a good resource to read or a video link to clarify, that would be of great help.
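
Added example, not part of the original post: a small Python parser that separates the "SPF failed, DKIM passed" rows of a DMARC aggregate report from the rest and shows, per source IP, which DKIM domains verified and which domain SPF was evaluated against. The report below is constructed, and the code assumes the element names of RFC 7489 Appendix C with no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample report (element names per RFC 7489 Appendix C); all values are made up.
SAMPLE_REPORT = """<feedback>
 <record>
  <row><source_ip>192.0.2.10</source_ip><count>12</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.com</domain><result>pass</result></dkim>
   <spf><domain>example.com</domain><result>pass</result></spf>
  </auth_results>
 </record>
 <record>
  <row><source_ip>198.51.100.25</source_ip><count>3</count>
   <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers>
  <auth_results>
   <dkim><domain>example.com</domain><result>pass</result></dkim>
   <dkim><domain>forwarder.example.net</domain><result>pass</result></dkim>
   <spf><domain>example.com</domain><result>fail</result></spf>
  </auth_results>
 </record>
</feedback>"""

def summarize(xml_text):
    """Return one dict per <record>; policy_evaluated holds the aligned (DMARC) results."""
    rows = []
    for rec in ET.fromstring(xml_text).iter("record"):
        pe = rec.find("row/policy_evaluated")
        dkim_ok, spf_ok = pe.findtext("dkim") == "pass", pe.findtext("spf") == "pass"
        rows.append({
            "source_ip": rec.findtext("row/source_ip"),
            "count": int(rec.findtext("row/count")),
            "header_from": rec.findtext("identifiers/header_from"),
            "dmarc_pass": dkim_ok or spf_ok,      # one aligned pass is enough
            "dkim_only": dkim_ok and not spf_ok,  # the "partially passed" rows
            # Raw results: every DKIM signature that verified, and the domain SPF evaluated
            "dkim_pass_domains": [d.findtext("domain") for d in rec.iterfind("auth_results/dkim")
                                  if d.findtext("result") == "pass"],
            "spf_checked": [(s.findtext("domain"), s.findtext("result"))
                            for s in rec.iterfind("auth_results/spf")],
        })
    return rows

if __name__ == "__main__":
    for r in summarize(SAMPLE_REPORT):
        tag = "DKIM-only pass" if r["dkim_only"] else "pass" if r["dmarc_pass"] else "FAIL"
        print(f'{r["source_ip"]:>15} x{r["count"]:<4} {tag:<14} dkim={r["dkim_pass_domains"]} spf={r["spf_checked"]}')
```

Source IPs that show up only in the DKIM-only rows and are not in your SPF record are the ones to review as likely forwarders or relays before moving the policy beyond `none`.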