You could be too important for your emails to be missed, among other reasons.
Your DMARC policy is at the highest enforcement level, and yet your emails are getting spoofed! This is called DMARC Override. It is frustrating, we know. Why is it happening? Here’s why:
Imagine you are the central bank of the nation or another important entity, and the banks in the country want to make sure that your emails are not missed at any cost. They may apply local policies on their own mail servers to ensure that they don’t miss a single email. This hyper-zeal may result in spoofed emails getting delivered as well. That gives a sense of why this can happen, but the DMARC RFC also lists other technical reasons, as below.
- forwarded: The message was relayed via a known forwarder, or local heuristics identified the message as likely having been forwarded. There is no expectation that authentication would pass.
- local_policy: The Mail Receiver’s local policy exempted the message from being subjected to the Domain Owner’s requested policy action.
- mailing_list: Local heuristics determined that the message arrived via a mailing list, and thus authentication of the original message was not expected to succeed.
- sampled_out: The message was exempted from the application of policy by the “pct” setting in the DMARC policy record.
- trusted_forwarder: Message authentication failure was anticipated by other evidence linking the message to a locally maintained list of known and trusted forwarders.
- other: Some policy exception not covered by the other entries in this list occurred. Additional detail can be found in the PolicyOverrideReason’s “comment” field.
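These override reasons show up in the DMARC aggregate (RUA) reports that receivers send you, inside each record's `policy_evaluated` element. The following added example (not from the original article) parses a constructed sample report and lists the rows where DMARC failed but the receiver did not apply the published policy, grouped by override reason. The function names, sample domain and IP addresses are assumptions for illustration.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample in the RFC 7489 aggregate report layout (documentation IPs).
# Reports come from third parties; parse them with a hardened XML parser in production.
SAMPLE_REPORT = """<?xml version="1.0"?>
<feedback>
  <policy_published><domain>example.org</domain><p>reject</p><pct>100</pct></policy_published>
  <record><row><source_ip>192.0.2.10</source_ip><count>12</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
      <reason><type>local_policy</type><comment>arc=pass</comment></reason>
    </policy_evaluated></row></record>
  <record><row><source_ip>198.51.100.7</source_ip><count>3</count>
    <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf>
      <reason><type>mailing_list</type></reason>
    </policy_evaluated></row></record>
  <record><row><source_ip>203.0.113.5</source_ip><count>40</count>
    <policy_evaluated><disposition>reject</disposition><dkim>fail</dkim><spf>fail</spf>
    </policy_evaluated></row></record>
  <record><row><source_ip>192.0.2.25</source_ip><count>900</count>
    <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf>
    </policy_evaluated></row></record>
</feedback>"""

def find_overrides(report_xml):
    """Rows where DMARC failed but the disposition differs from the published policy."""
    root = ET.fromstring(report_xml)
    # Simplification: only the organizational policy (p) is compared, not sp.
    published = root.findtext("policy_published/p", default="none")
    overrides = []
    for row in root.iter("row"):
        pe = row.find("policy_evaluated")
        if pe is None:
            continue
        dmarc_failed = pe.findtext("dkim") != "pass" and pe.findtext("spf") != "pass"
        if not dmarc_failed or pe.findtext("disposition") == published:
            continue  # message passed DMARC, or the policy was applied as requested
        reasons = [(r.findtext("type"), r.findtext("comment")) for r in pe.findall("reason")]
        overrides.append({"source_ip": row.findtext("source_ip"),
                          "count": int(row.findtext("count", default="0")),
                          "reasons": reasons or [("(none given)", None)]})
    return overrides

def tally_by_reason(overrides):
    """Message counts per override reason type."""
    return Counter({t: 0}) if False else sum(
        (Counter({t: o["count"]}) for o in overrides for t, _ in o["reasons"]), Counter())

if __name__ == "__main__":
    for reason, n in tally_by_reason(find_overrides(SAMPLE_REPORT)).items():
        print(f"{reason}: {n} message(s) delivered despite DMARC failure")
```

A large count under `local_policy` or `other` from a single receiver is worth raising with that receiver's postmaster, using the `comment` value as context.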