Is DMARC the end of email forwarding?


Solution 1

I think the problem you are coming across is not the forwarding, but the DKIM alignment. Yes, SPF will Fail, but DKIM should Pass, but the DKIM Alignment might not pass. DMARC requires alignment to be strict or relaxed, based on your policy. You can read up more on alignments here: Identifier Alignments

There are testing tools like sending an email to [email protected] that will show the alignment on the results, but it's a paid feature.

Since this is a problem, there is a new specification in the works called "ARC". The intent of this is to solve this very problem. You can read about that here: ARC Spec

Solution 2

I asked Mailgun support about this problem and was not given any helpful answers. However, the solution is actually in their documentation:

Note If you forward messages to another email address, then you should disable click tracking, open tracking and unsubscribes, by editing your domain settings in the Control Panel. If these features are enabled, the content of each message is modified by Mailgun before forwarding, which invalidates the DKIM signature. If the message comes from a domain publishing a DMARC policy (like Yahoo! Mail), the message will be rejected as spam by the forwarding destination.

https://documentation.mailgun.com/en/latest/user_manual.html#routes

So, I turned off all of those features on my main domain, which I use to receive mail, and that solved the DMARC bouncing. If you want to use any of those features, you will need to set up a sub-domain for outgoing mail.

Solution 3

As mentioned above, the issue is that upon sending an email, somedomain.com stamps the email with a DKIM (a unique hash of the email's content). When Mailgun forwards the message to Gmail, it inserts its open/click/unsubscribe modifications, which then invalidates the DKIM hash.

Because somedomain.com's DMARC says "reject anything that has had the DKIM invalidated", Gmail or other services reject the email.

The workaround I found was to use a native mailbox solution. WhoIs comes with one which is easy to set up, for example: https://manage.whois.com/kb/servlet/KBServlet/faq579.html

Afterwards I simply added the POP mailbox in Settings of Gmail. (As of Gmail December 24, 2017). I was able to re-enable Open and Click tracking and now everything works and I happily get my mails in Gmail still.

As a bonus, we use the email as a shared inbox so now everyone can see the sent emails in their inbox instead of just the forwarded responses.

[Edit] After doing this I realized I was now only getting my emails in the native mailbox solution but no longer in Mailgun where I also needed them.

To work around this, I added MX records to point to mxa.mailgun.org using a subdomain, so mg.exampledomain.com.

Then I used a forwarding rule in WhoIs to send all emails that are delivered to [email protected] to also be delivered to [email protected]. Now I get the messages in Mailgun and am still able to see it in Gmail through the POP mailbox.
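To make the failure described in the answers above concrete, here is an added example (not code from any of the posters or from Mailgun) that computes the DKIM body hash with RFC 6376 "relaxed" canonicalization before and after a forwarder rewrites the body, then applies the DMARC rule that SPF or DKIM must both pass and align with the From: domain. The message bodies, the track.forwarder.example host and the two-label organizational-domain shortcut are constructed assumptions, and only the body hash is modeled, not the header signature.

```python
import base64
import hashlib
import re

def relaxed_body_hash(body: bytes) -> str:
    """DKIM bh= value: SHA-256 over the 'relaxed' canonical body (RFC 6376, 3.4.4)."""
    lines = body.replace(b"\r\n", b"\n").split(b"\n")
    # Collapse runs of whitespace and drop whitespace at the end of each line.
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in lines]
    while lines and lines[-1] == b"":        # ignore empty lines at end of body
        lines.pop()
    canon = b"".join(ln + b"\r\n" for ln in lines)
    return base64.b64encode(hashlib.sha256(canon).digest()).decode()

def org_domain(domain: str) -> str:
    # Assumption: last two labels. Real code must use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def aligned(from_domain: str, auth_domain: str, mode: str = "r") -> bool:
    """mode 's' = strict (exact match), 'r' = relaxed (same organizational domain)."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_pass(from_domain, spf_ok, spf_domain, dkim_ok, dkim_domain,
               aspf="r", adkim="r") -> bool:
    """DMARC passes when at least one mechanism both passes and is aligned."""
    return ((spf_ok and aligned(from_domain, spf_domain, aspf)) or
            (dkim_ok and aligned(from_domain, dkim_domain, adkim)))

def evaluate_forward(original: bytes, delivered: bytes) -> bool:
    """Result at the final destination for mail signed by somedomain.com."""
    signed_bh = relaxed_body_hash(original)             # bh= set by the sender
    dkim_ok = relaxed_body_hash(delivered) == signed_bh
    # Forwarding: the forwarder's IP is not in the sender's SPF record, so SPF fails.
    return dmarc_pass("somedomain.com", False, "somedomain.com",
                      dkim_ok, "somedomain.com")

# Constructed sample bodies.
ORIGINAL = b"Hello,\r\nsee https://example.org/page\r\n"
WHITESPACE_ONLY = b"Hello,  \r\nsee https://example.org/page\r\n\r\n"
TRACKED = (b"Hello,\r\nsee https://track.forwarder.example/c/abc\r\n"
           b'<img src="https://track.forwarder.example/o/abc">\r\n')

if __name__ == "__main__":
    for name, body in [("unmodified", ORIGINAL), ("whitespace only", WHITESPACE_ONLY),
                       ("tracking added", TRACKED)]:
        print(f"{name:16} DMARC pass: {evaluate_forward(ORIGINAL, body)}")
```

With SPF already failing on the forwarded hop, DKIM is the only mechanism left, so any content rewrite by the forwarder turns a pass into a DMARC failure.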

Author by

user2988743

Updated on June 03, 2022

Comments

  • user2988743
    user2988743 about 2 years

    I'm using a fair bit of email forwarding on a number of domains and the latest p=reject policy of AOL is causing me some problems and also a lot of confusion. My understanding of DMARC is that it's based on DKIM & SPF with a reporting layer. I understand that SPF is a problem with forwarding, but as long as the SPF is set to ~all soft fail then that isn't a show stopper. I also thought DKIM could pass through forwarding without problems as long as you don't mess with the headers much. However, I'm finding that certain emails from AOL being forwarded by MailGun are failing DMARC when they land at GMail. MailGun say it's due to a sender/from mismatch error. Can anyone elaborate on whether email forwarding is doomed as DMARC takes hold, or are MailGun just not forwarding properly?