How does DMARC impact email forwarding and deliverability?
Summary
What email marketers say11Marketer opinions
Marketer from Email Geeks clarifies that Laura Atkins means to not have DMARC policies of quarantine or reject, just have p=none.
Email marketer from EmailSecurityForum shares that implementing DMARC with a 'reject' policy can cause significant issues with email forwarding. Forwarded emails often fail SPF and DKIM checks, resulting in messages being rejected by receiving servers, impacting deliverability for forwarded messages.
Marketer from Email Geeks shares his take is that p=reject is more a security setting to stop spoofing vs deliverability, and it can hurt deliverability in some cases. He says its a balancing act between stopping spoofing or getting your emails delivered.
Email marketer from Reddit explains that if a domain has a strict DMARC policy (p=reject), forwarded emails will likely fail authentication and be rejected. This happens because forwarding breaks the original SPF and DKIM signatures.
Email marketer from Mailjet explains that DMARC policies, especially 'p=reject,' can cause forwarded emails to fail authentication checks and be rejected by receiving mail servers. This is because forwarding often alters the email's headers, invalidating SPF and DKIM signatures.
Email marketer from SparkPost explains that DMARC with a policy of 'reject' or 'quarantine' can significantly affect email forwarding. When an email is forwarded, the SPF and DKIM records are likely to be broken, causing the email to fail authentication and be rejected by the recipient's mail server.
Email marketer from EasyDMARC shares that DMARC can negatively impact email forwarding because when an email is forwarded, the SPF and DKIM records may no longer align with the forwarding server, leading to authentication failure and potential rejection by the recipient's server.
Marketer from Email Geeks states that setting a reject policy can also help deliverability, though, if spoofing is hurting your delivery.
Email marketer from Quora user shares that DMARC can negatively affect email forwarding because forwarded emails often fail SPF and DKIM checks. This is due to the forwarding server not being authorized to send emails on behalf of the original domain, leading to potential delivery issues if DMARC policy is strict.
Email marketer from StackOverflow answers that DMARC can affect email forwarding by causing forwarded messages to fail SPF and DKIM authentication. This is because the forwarding server is not authorized to send emails on behalf of the original domain, leading to potential deliverability issues if the DMARC policy is set to reject.
Email marketer from Postmark explains that DMARC policies, particularly those set to 'quarantine' or 'reject,' can interfere with email forwarding. When an email is forwarded, it often fails SPF and DKIM checks because the forwarding server isn't authorized, leading to deliverability issues.
What the experts say6Expert opinions
Expert from Email Geeks clarifies that p=reject only works for direct domain spoofing and won't stop invoice fraud if financial services use their own domains.
Expert from Spam Resource explains that DMARC can cause problems with forwarding because forwarded mail often fails SPF checks, particularly if the forwarder doesn't rewrite the envelope sender. This leads to DMARC rejections if the DMARC policy is set to 'reject' or 'quarantine'.
Expert from Word to the Wise explains that technologies like ARC are being developed to try to help with forwarding issues. ARC lets forwarders validate the original authentication results so that when the mail gets to Gmail, they trust the authentication even though it doesn't come directly from the original sender. So ARC has a chance to make forwarding work better with DMARC.
Expert from Email Geeks explains that forwarded emails might fail DMARC checks because the SPF domain isn't always changed during forwarding, and she is not sure why they chose to do it that way.
Expert from Email Geeks suggests not using restrictive DMARC policies for mail that you actually care about reaching your recipients, especially when forwarding is involved.
Expert from Email Geeks suggests using a subdomain in the 5322.from for those emails if you want to have a different DMARC policy applied to just Klaviyo emails.
What the documentation says5Technical articles
Documentation from Valimail shares that DMARC impacts email forwarding by causing authentication failures when SPF and DKIM records no longer align with the forwarding server. This results in deliverability problems because forwarded emails may be rejected based on DMARC policy.
Documentation from Google explains that DMARC can cause legitimate emails, including forwarded messages, to be rejected if the forwarding process breaks SPF or DKIM authentication. They recommend solutions like using authenticated mailing lists or ARC to preserve authentication results.
Documentation from Microsoft explains that DMARC is designed to prevent email spoofing. Forwarding can be impacted if it breaks the DMARC checks, potentially causing legitimate emails to be flagged as spam or rejected. They suggest using trusted forwarders and implementing ARC.
Documentation from DMARC.org explains that DMARC is intended to protect your domain from unauthorized use, like spoofing, and unintended use such as forwarding which can break authentication. Forwarding breaks DMARC because the source authentication no longer matches the recipient.
Documentation from IETF RFC 7489 describes DMARC's interaction with forwarding. When an email is forwarded, the original SPF and DKIM records are often invalidated, leading to DMARC failures if the forwarding server isn't authorized. This can cause deliverability problems, especially with strict DMARC policies.