Forward to Gmail - DMARC failure

Forwarding to a Gmail address fails when the original sender has a reject policy set in its DMARC record.
At least, that is what I understand the problem to be.

Can’t find any older topics with a solution for this kind of problem. Only mentions that it is a problem.

Is forwarding email an option at all when the sender has a restrictive DMARC setup?

Forwarding has for many years been a hit and miss, and if you care for your email deliveries, forwarding isn’t really an option, unless you control the final destination.

In a DMARC world, passing either DKIM or SPF checks alone isn’t enough; the actual DKIM or SPF must also have proper alignment to the original domain name (Header From: / RFC5322.From) for them to pass.

If the sender domain is using SPF alone, and setting up a reject policy, then yes, the DMARC checks will fail after forwarding, as a proper SPF with alignment won’t survive forwarding.

DKIM can, depending on how it is implemented / configured, survive forwarding.

There are still many legitimate domains and organisations out there that aren’t doing DKIM signing of their outbound email traffic, even in 2023; for those, DMARC would fail after forwarding.

Not unless the sender is DKIM signing their messages properly.

And that the receiver actually accepts messages that are passing DKIM properly, but failing SPF.

Some further information about the alignment:

2 Likes
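The alignment rules described in the answer above, as an added example that is not part of the original thread. It evaluates DMARC with relaxed alignment for constructed messages before and after forwarding; the `.example` domains are placeholders, and taking the last two labels as the organizational domain is a simplifying assumption (real evaluators use the Public Suffix List).

```python
from dataclasses import dataclass, field

def org_domain(domain: str) -> str:
    # Assumption: organizational domain = last two labels (no Public Suffix List).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain: str, from_domain: str) -> bool:
    # Relaxed alignment: organizational domains must match.
    return org_domain(auth_domain) == org_domain(from_domain)

@dataclass
class Auth:
    header_from: str                 # RFC5322.From domain
    spf_result: str                  # SPF verdict for the connecting IP
    spf_domain: str                  # RFC5321.MailFrom (envelope) domain
    dkim: list = field(default_factory=list)  # [(result, d= domain), ...]

def dmarc(msg: Auth, policy: str = "reject") -> dict:
    # A mechanism counts only if it passes AND aligns with the Header From.
    spf_ok = msg.spf_result == "pass" and aligned(msg.spf_domain, msg.header_from)
    dkim_ok = any(r == "pass" and aligned(d, msg.header_from) for r, d in msg.dkim)
    passed = spf_ok or dkim_ok
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc": "pass" if passed else "fail",
            # Policy the sender requests on failure; receivers may override it.
            "requested": "none" if passed else policy}

# Constructed cases. After forwarding, SPF is checked against the forwarder's IP.
CASES = {
    # Direct delivery, SPF only: passes and aligns.
    "direct_spf_only": Auth("sender.example", "pass", "bounce.sender.example"),
    # Forwarded, envelope kept: forwarder's IP is not in the sender's SPF.
    "fwd_spf_only": Auth("sender.example", "fail", "bounce.sender.example"),
    # Forwarded, envelope rewritten: SPF passes for the forwarder, unaligned.
    "fwd_rewritten": Auth("sender.example", "pass", "forwarder.example"),
    # Forwarded unmodified with the sender's own DKIM signature intact.
    "fwd_dkim": Auth("sender.example", "fail", "bounce.sender.example",
                     [("pass", "sender.example")]),
    # Forwarded with a valid signature from an unrelated d= domain only.
    "fwd_foreign_dkim": Auth("sender.example", "pass", "forwarder.example",
                             [("pass", "esp.example")]),
}

if __name__ == "__main__":
    for name, msg in CASES.items():
        print(f"{name:18} {dmarc(msg)}")
```

Only the `fwd_dkim` case survives forwarding, which is why the sender's own aligned DKIM signature is the fix that matters here.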

Thanks for good answer!

The original sender is not DKIM-signing the message in this case. I will suggest to the sender to set that up correctly.

I have been forwarding to Gmail for quite a long time, and there is a long time between delivery failures. (At least ones that I notice.)

Ideally I want to host my own email, but must admit that Gmail is convenient and doing the job quite well. Guess I need to monitor failure reports more closely in the future.

While providing a detailed guide for this method would be off-topic for this forum, some years ago I found it beneficial to stop forwarding domain mail to Gmail and switch to polling an external mailbox instead. If you don’t already have a mailserver to use for the mailbox, you can use any inexpensive mailbox. Even one included with cPanel hosting will work fine because your mail is only stored there long enough for Gmail to download it (and delete it from the server). This also will give you access to an outbound server to send domain mail from Gmail.
