Example

SPF, DKIM, and DMARC diagnosis example.

See how WillItInbox explains a message where SPF passes, DKIM passes, but DMARC alignment or policy still creates risk.

The common confusing failure

A message can pass SPF and DKIM checks but still be weak from a DMARC perspective if the authenticated domains do not align with the visible From domain.

Signal	Example evidence	Interpretation
SPF	Return-Path domain passes for esp.example.net	SPF authenticates the envelope sender.
DKIM	d=mailer.example.net verifies	DKIM authenticates the signer.
From	From: [email protected]	Visible sender is example.com.
DMARC	No aligned SPF or DKIM identifier	The visible domain is not authenticated.

How WillItInbox explains the fix

The report points teams toward alignment rather than only saying pass or fail.

Configure the ESP to use a custom Return-Path or bounce domain when SPF alignment is required.
Configure DKIM signing with the From-domain or an aligned subdomain.
Keep DMARC at p=none until legitimate senders are aligned, then move toward quarantine or reject.