I'm using a fair bit of email forwarding on a number of domains and the latest p=reject policy of AOL is causing me some problems and also a lot of confusion. My understanding of DMARC is that it's based on DKIM & SPF with a reporting layer. I understand that SPF is a problem with forwarding but as long as the SPF is set to ~all soft fail then that isn't a show stopper. I also thought DKIM could pass through forwarding without problems as long as you don't mess with the headers much. However I'm finding that certain emails from AOL being forwarded by MailGun are failing DMARC when they land at GMail. MailGun say its due to a sender/from mismatch error. Can anyone elaborate on whether email forwarding is doomed as DMARC takes hold or are MailGun just not forwarding properly?
I think the problem you are coming accross is not the forwarding, but the DKIM alignment. Yes, SPF will Fail, but DKIM should Pass, but the DKIM Alignment might not pass. DMARC requires alignment to be strict or relaxed, based on your policy. You can read up more on alignments here: Identifier Alignments
There are testing tools like sending an email to [email protected]
that will show the alignment on the results, but it's a paid feature.
Since this is a problem, there is a new specification in the works called "ARC" the intent of this is to solve this very problem, you can read about that here: ARC Spec