I posted this in the Group Managers forum and a members suggested I post it here.
I'm working on setting up DMARC on my domain, obfuscated here as mydomain.com.
For a few days after I started posting in the Group Managers forum, I was getting reports of thousands of would-be failures for email sent from Moldava. I found a raw report with the Moldavan IP address. I don't quite understand the <auth_results> section: it looks like DKIM is passing using the groups.io signature, but the foreign IP (bleza(dot)skilldivinet(dot)net) is passing on SPF. Are they somehow spoofing the groups.io DKIM signature? Here is the report, with the questionable section in bold:
The only groups.io DKIM TXT record I know of is 20140610._domainkey.groups.io. If that is a date stamp, perhaps it's time to rotate the key?