On 08.02.2024, Cyril - ImprovMX via mailop <mailop@mailop.org> wrote:

> But forwarding an email from a domain that has DMARC enabled (with a
> policy different than "none") could still work if the sender signed
> their email with DKIM. Isn't it correct?

That is true. But not all domains have DKIM.

> In order for DMARC to be valid, you need at least SPF OR DKIM to
> PASS, but also have domain alignment between the From header and
> either the SPF sending domain, or the DKIM signing domain.
> When forwarding, you break SPF as you are probably not on the list of
> authorized sending servers, but if the DKIM alignment and validity is
> there in the beginning, the email should still pass DMARC.

Depends on the receiver's policies. Google doesn't accept it if SPF
fails.

> The only case where email forwarding is in trouble is for senders
> enabling DMARC without sending DKIM-signed emails.

It makes much more trouble.
If MAIL FROM: isn't being changed, a bounce (for whatever reason) goes
to the original sender and confuses people and systems (some
unsubscribe if a hard bounce is received).

Spam that isn't being detected by your own systems is being forwarded
to foreign mail providers and they may list you on a DNSBL.

There are more disadvantages. I work at the IT department of a
university and we have many clients complaining about mail problems
related to forwarding.

Some providers block bulk mails that often occur within a site (e.g.
the boss wants to inform 10000 employees and those have forwards to
Gmail). That blocking might be a hard bounce, but can also be a rate
limit or a silent drop.
Most clients also don't check their spam folders and complain they
didn't receive certain messages.

My opinion: Get rid of forwarding to external sites whenever possible.
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
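
The DMARC rule discussed in this thread (SPF or DKIM must pass and align with the From header), worked through for direct and forwarded delivery. This is an added example, not code from either poster; the domains are constructed, the organizational domain is approximated by the last two labels (real evaluators use the Public Suffix List), and the forwarder is assumed to leave the message unmodified so the DKIM signature still verifies. It models only the DMARC result, not any receiver-specific policy applied on top of it.

```python
from dataclasses import dataclass
from typing import Optional


def org_domain(domain: str) -> str:
    # Assumption: last two labels stand in for the organizational domain.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


@dataclass
class Message:
    header_from: str            # domain in the From: header
    mail_from: str              # domain of the SMTP MAIL FROM (envelope sender)
    spf_pass: bool              # SPF result for mail_from at the connecting IP
    dkim_domain: Optional[str]  # d= of a signature that verified, else None


def dmarc_pass(msg: Message) -> bool:
    """Pass if SPF or DKIM passes AND that identifier aligns (relaxed) with From."""
    from_org = org_domain(msg.header_from)
    spf_aligned = msg.spf_pass and org_domain(msg.mail_from) == from_org
    dkim_aligned = (msg.dkim_domain is not None
                    and org_domain(msg.dkim_domain) == from_org)
    return spf_aligned or dkim_aligned


def forward(msg: Message, rewrite_mail_from: Optional[str] = None) -> Message:
    """Model one forwarding hop as seen by the final receiver."""
    if rewrite_mail_from:
        # Forwarder substitutes its own envelope sender: SPF passes for the
        # forwarder's domain, which does not align with the From header.
        return Message(msg.header_from, rewrite_mail_from, True, msg.dkim_domain)
    # MAIL FROM unchanged: forwarder's IP is not in the sender's SPF record.
    return Message(msg.header_from, msg.mail_from, False, msg.dkim_domain)


# Constructed senders: one signs with DKIM, one relies on SPF alone.
SIGNED = Message("sender.example", "bounce.sender.example", True, "sender.example")
UNSIGNED = Message("sender.example", "sender.example", True, None)

if __name__ == "__main__":
    cases = {
        "direct, DKIM-signed": SIGNED,
        "direct, SPF only": UNSIGNED,
        "forwarded, DKIM-signed": forward(SIGNED),
        "forwarded, SPF only": forward(UNSIGNED),
        "forwarded + rewritten MAIL FROM, SPF only":
            forward(UNSIGNED, "forwarder.example"),
    }
    for name, m in cases.items():
        print(f"{name:45s} DMARC {'pass' if dmarc_pass(m) else 'FAIL'}")
```

Rewriting the envelope sender moves bounces to the forwarder but does not rescue DMARC for an unsigned message, because the passing SPF identity is then the forwarder's domain rather than the From domain.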
