With configured ARC sealers domain when recieve emails from other ms exchange I see compauth=none reason=452, is ARC result used to override a DMARC failure in this case? Or what can I do to use ARC result in case DMARC failure?

Question

I have configured Trusted Arc Sealer

For some reason I see different Authentication headers when recieve from other ms exhange and gmail.

• from ms - compauth=none reason=452
• from gmail - compauth=pass reason=130

https://learn.microsoft.com/en-us/defender-office-365/email-authentication-arc-configure

In the documentation I see:

To check whether the ARC result was used to override a DMARC failure, look for compauth=pass and reason=130 in the last Authentication-Results header

On this step I don't understand what compauth=none reason=452 said me

When I recieve email from ms exchange I have:

ARC-Authentication-Results: i=4; mx.microsoft.com 1; spf=softfail (sender ip
 is ) smtp.rcpttodomain=
 smtp.mailfrom=; dmarc=fail (p=quarantine sp=quarantine pct=100)
 action=quarantine header.from=; dkim=pass (signature was verified)
 header.d=; dkim=fail (signature did not verify)
 header.d=; arc=pass (0 oda=1 ltdi=1
 spf=[1,3,smtp.mailfrom=cynet.com] dkim=[1,3,header.d=cynet.com]
 dmarc=[1,3,header.from=cynet.com])
Authentication-Results: spf=softfail (sender IP is )
 smtp.mailfrom=; dkim=pass (signature was verified)
 header.d=;dkim=fail (signature did not verify)
 header.d=;dmarc=fail action=quarantine
 header.from=;compauth=none reason=452

When I recieve email from gmail I have:

ARC-Authentication-Results: i=2; mx.microsoft.com 1; spf=softfail (sender ip
 is ) smtp.rcpttodomain=
 smtp.mailfrom=gmail.com; dmarc=fail (p=none sp=quarantine pct=100)
 action=none header.from=gmail.com; dkim=pass (signature was verified)
 header.d=; dkim=fail (signature did not verify)
 header.d=gmail.com; arc=pass (0 oda=1 ltdi=1
 spf=[1,1,smtp.mailfrom=gmail.com] dkim=[1,1,header.d=gmail.com]
 dmarc=[1,1,header.from=gmail.com])
Authentication-Results: spf=softfail (sender IP is )
 smtp.mailfrom=gmail.com; dkim=pass (signature was verified)
 header.d=;dkim=fail (signature did not verify)
 header.d=gmail.com;dmarc=fail action=none header.from=gmail.com;compauth=pass
 reason=130

Answer 1

Dear @Eyal Test

Thank you so much for contacting Microsoft Q&A Support. 

From what you’ve described, it sounds like you're looking into ARC (Authenticated Received Chain) and compauth (Composite Authentication) results in Microsoft 365 and trying to figure out why emails from Exchange and Gmail are showing different authentication headers. 

To dig deeper into this, we'd actually need details about your domain and its setup. Since that’s sensitive info and I don’t have access to internal tools or testing environments as a forum moderator, I’m limited in how much I can help here. 

The best next step would be to open a support ticket with the Microsoft Defender for Endpoint team. You can do that here: Contact Microsoft Defender for Endpoint support - Microsoft Defender for Endpoint | Microsoft Learn 

This will allow our dedicated support engineers who have broader diagnostic tools and permissions to investigate and assist you more effectively.  

I hope for your understanding and patience in this matter.

---

If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.