Mautic, Amazon SES API, Google Domain - SPF & DKIM Pass, DMARC Fails

Your software
My Mautic version is: 4.4.6
My PHP version is: 8.0.28
My Database type and version is: 5.7.41, pdo_mysql

Your problem
When I send emails from within Mautic, even the test email, SPF and DKIM pass but DMARC fails and emails end up in the spam folder with this error in Gmail,

“The sender hasn’t authenticated this message so Gmail can’t verify that it actually came from them. Avoid clicking links, downloading attachments, or replying with personal information.”

Steps I have tried to fix the problem:
I have triple checked my DNS records with Google Domains and all look perfect. When I send an email from within Gmail using the same email that’s tied into Mautic, it delivers fine and passes SPF, DKIM, and DMARC.

Any and all help would be immensely appreciated. Thank you!

Hi,
If you don’t set up the authentication right then it will fail. Is this a subdomain you are trying to authenticate? What DNS you use?

I appreciate the response. I figured it out. When I was verifying my domain Identity within SES, I disabled the option for Publish DNS records to Route 53. My thinking was, I am using Google Domains. I don’t need that.

In doing that, everything being sent within Mautic was pulling the wrong SPF & DKIM records.

It was a very basic SPF record: v=spf1 include:amazonses.com -all
The one I had set up was this: v=spf1 include:_spf.google.com include:amazonses.com ~all

The DKIM it was pulling was not the one I had set up either.

I went back into SES and deleted my already identified domain and started the process over but left that option to Publish to Route 53 enabled. Sent a Mautic test email and sure enough, hit the inbox on the first try.

I wasted a day trying to figure this out, but glad I finally fixed it.