Partial SPF issues in email routing

So Google Domains closed and I transferred my domain to Porkbun (I could not transfer to Cloudflare, as I have a .ca among others). I did not have a GWorkspace on the said domain.

I used to transfer all of my emails from one of my side work accounts (an Office365 account - let’s say from [email protected]) up to [email protected], which were then all caught up to a personal Gmail account so as to centralize all my emails in one inbox.

I didn’t use Email Routing before (Google Domains did it instead), so I activated it on Cloudflare and I set up an SPF and DMARC policy so as to be able to send email from my Gmail account as well as my work account.

I then added these rules to my DNS:
"v=spf1 ~all"
"v=DMARC1; p=none; rua=mailto:[email protected]"

I also added two email routing rules:
[email protected] up to [email protected]
and a catch-all up to [email protected]

Like that I was able to send email from my domains through my gmail account as well as receive any incoming email on the domain.

However, it seems Cloudflare refuses many emails from my work address (but not all of them).
For specific senders (like some using Office365 or some like Doodle notifications) I get a bounce message in my work inbox stating this:

Created Date:	11/3/2023 2:53:20 PM
Sender Address:	[email protected]
Recipient Address:	[email protected]

Subject:	(the subject of the email)

Error Details
Error:	550 5.7.23 The message was rejected because of Sender Policy Framework violation -> 550 5.7.1 DMARC checks failed. cz7TXBpogGQQ 
Message rejected by:

But most of the emails sent pass through! … And all SPF references in the rejected message header say that SPF is passing …

I have no idea why Cloudflare is rejecting those emails and specifically those … but it is troublesome as some of these are quite important :slight_smile:

Where should I start troubleshooting? It seems SPF is not working from my sender … but one of them is Teams, or Microsoft helpers themselves … I assume they have the right SPF :stuck_out_tongue:

Any ideas, please? :slight_smile:

Welcome to the Cloudflare Community. :logodrop:

Email forwarding is not particularly suitable for important mail.

It doesn’t matter. SPF is not compatible with email forwarding and not all email is DKIM signed. You will have more reliable results by routing directly to a mailbox provider that hosts your domain email.
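
Added example (not part of the original thread or any poster's code): a simplified Python model of the DMARC check behind the reply above, showing why SPF alone does not survive forwarding while an aligned DKIM signature does. The domains, IPs and SPF table are constructed, alignment is reduced to an exact domain match, and the DKIM signature is assumed to survive the forwarder unmodified.

```python
from dataclasses import dataclass, replace
from typing import Optional

# Constructed SPF data: domain -> IPs authorized to send for it.
SPF = {
    "sender.example": {"192.0.2.10"},
    "forwarder.example": {"198.51.100.20"},
}

@dataclass(frozen=True)
class Delivery:
    header_from: str            # domain in the visible From: header
    mail_from: str              # envelope sender domain, the one SPF checks
    client_ip: str              # IP that connects to the receiving server
    dkim_domain: Optional[str]  # d= of a signature that still verifies, or None

def spf_pass(d: Delivery) -> bool:
    return d.client_ip in SPF.get(d.mail_from, set())

def dmarc_pass(d: Delivery) -> bool:
    # DMARC needs SPF or DKIM to pass AND to be aligned with the From: domain.
    # Simplification: alignment here is an exact domain match.
    spf_aligned = spf_pass(d) and d.mail_from == d.header_from
    dkim_aligned = d.dkim_domain == d.header_from
    return spf_aligned or dkim_aligned

def forward(d: Delivery, rewrite_envelope: bool) -> Delivery:
    # A forwarder re-sends from its own IP and may rewrite the envelope
    # sender to its own domain; the From: header stays unchanged.
    mail_from = "forwarder.example" if rewrite_envelope else d.mail_from
    return replace(d, client_ip="198.51.100.20", mail_from=mail_from)

def report() -> dict:
    unsigned = Delivery("sender.example", "sender.example", "192.0.2.10", None)
    signed = replace(unsigned, dkim_domain="sender.example")
    hops = {
        "direct, unsigned": unsigned,
        "forwarded, envelope kept": forward(unsigned, False),
        "forwarded, envelope rewritten": forward(unsigned, True),
        "forwarded, DKIM-signed": forward(signed, False),
    }
    return {name: (spf_pass(d), dmarc_pass(d)) for name, d in hops.items()}

if __name__ == "__main__":
    for name, (spf, dmarc) in report().items():
        print(f"{name:31} SPF={'pass' if spf else 'fail'} "
              f"DMARC={'pass' if dmarc else 'fail'}")
```

In this model the rewritten-envelope case records an SPF pass for the forwarder's domain, yet DMARC still fails because that domain does not match the From: header.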

Thank you for the warm welcome.

And I understand your point about important emails but I can’t stand using Outlook :frowning:

If I understand correctly, you say I should use a mailbox from Porkbun? I’m not sure about that as that defeats the goal of having just one mailbox (Gmail) … And I’m not sure either if the mailbox on Porkbun would have all the features GMail offers…

There is no way to loosen the DKIM rules to let others send me emails and let me judge myself what should be spam or not?

I never mentioned using Outlook. :grin:

I definitely didn’t say that, either.

If you want GMail features with domain email, Google Workspace is the right solution.

That’s not going to happen.


I understand now …

I’m gonna look into that avenue, see if Google allows the management of the different domains if I pay for a workspace instead of going to Porkbun.

Thanks for the quick answers and the laugh :slight_smile:


Google Workspace is billed by the user and can support more than one domain name. How many users are in the domain and whether they have any common organizational attributes will influence whether you should place them in the same Workspace tenant. If it is just you, or a very small number of related users who all use the same domains, it might make sense to keep them together.

I don’t want to get too far off topic for this venue, but figured those brief details might be useful.

Thanks a lot! <3