It sounds to me like the bounce address is the third-party provider
and there's no DKIM signature, so there's nothing for DMARC to align
Sounds to me like the answer is that if you're going to let a third
party send mail for you, it'd be a good idea to enable the third party
to put on some DKIM signatures, too.
If you're going to have a third party send mail for you, why can't you just
list the third party IP address in your SPF record?
You can, if the third party puts your domain in the bounce address. In
this case it sounds like they put their domain in the bounce address.
John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly
dmarc-discuss mailing list
NOTE: Participating in this list means you agree to the DMARC Note Well terms