Closed jamescridland closed 2 years ago
DMARC is still passing despite SPF, this is because we use SRS (Sender Rewriting Scheme). We do not allow custom return paths, as we use SRS to route bounce emails properly to the original email sender (the original envelope from). You can ignore this false warning, everything is working OK. Also, Postmark incorrectly states it looks at the "Return-Path" header, this is incorrect, DMARC looks at the envelope MAIL FROM address (which some MTA's append as the "Return-Path" header, but not all of them do this).
Above is my weekly DMARC digest. I send all my email from Amazon SES (where almost everything matches), but clearly forwardemail messes with the SPF data. This means that sometimes things fall into the spam box, since SPF is never aligned correctly.
It looks like email from firstname@example.com forwarded by forwardemail.net contains a returnpath like this...
Return-Path: <SRS0=a4e0=WV=example.com=firstname@forwardemail.net>
Is there anything that can be done here to fix the SPF? I'm guessing that actually the answer is "no", since in the example above,
example.com
doesn't giveforwardemail.com
permission to send emails; but the DKIM should normally match.Just wondering whether this is fixable or not...
Checklist