I have set adkim=s and aspf=s, the DMARC check on mxtoolbox.com passes all tests. However, I'm using the default DKIM from microsoft, so from my understanding DMARC should fail since the alignment check with DKIM should fail. However, it passes:
Authentication-Results: mx.google.com;
dkim=pass [email protected] header.s=selector2-examplecom-onmicrosoft-com header.b=bdMHamqv;
arc=pass (i=1 spf=pass spfdomain=example.com dkim=pass dkdomain=example.com dmarc=pass fromdomain=example.com);
spf=pass (google.com: domain of [email protected] designates 4b14:222:c200:5a2a::315 as permitted sender) [email protected];
dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=example.com
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=examplecom.onmicrosoft.com; s=selector2-examplecom-onmicrosoft-com; ...
Clearly the d=examplecom.onmicrosoft.com is not the same as header.from=example.com... so why is DMARC passing anyways?