The identified issue is related to the use of subdomains.

When sending emails with the following configuration, the receiving mail server determines DMARC as "Pass," but MailAuth Analyzer judges both SPF and DKIM alignment as "NG" (Not Good). The DMARC alignment mode is set to Relaxed.

Example of mail header:
　From domain: abcde.example.co.jp (subdomain: abcde)
　Return-Path: smtp.example.co.jp
　DKIM d= tag: d=example.co.jp

Upon consulting support, we were informed:
"Even when records are set to relaxed alignment mode, MailAuth Analyzer's analysis considers specific alignment in the mail header. In this case, the 'Return-Path' does not match the domain in the 'From' header. This evaluation logic differs from that used in XML reports and is based on internal check logic."

According to the DMARC specification, relaxed alignment should permit subdomains for both SPF and DKIM. We believe that this internal evaluation logic in the MailAuth Analyzer could lead to unnecessary concern and confusion for users.

We suggest improving this logic to produce accurate reports, which would enhance user experience and reliability.