DMARC history

Hi, we are trying to forward email from uspto dot gov, received by our mail provider (zoho mail) to another mail handling service (zoho team inbox), and our domain is brealant.com (we have DMARC, DKIM, and SPF set up on ours). We are able to receive mail into zoho mail, but zoho mail is failing to forward to zoho teaminbox. Zoho mail stated:
“5.7.1 Email rejected per DMARC policy for uspto.gov”
Forwarding is working for some senders, meaning we can forward from zoho mail to zoho teaminbox for some senders, but for uspto dot gov, the forwarding is failing.
Thank you!

In the age of DMARC, forwarding email is no longer the simple task that it once was. I recommend against forwarding whenever possible. That said, there are still circumstances where it makes sense, but you have to make sure that all the systems involved are able to work together.

The error message that is being returned to you is technically incorrect, since there is no DMARC policy published for the domain uspto.gov. Ignoring the misleading error message, it is still easy enough to identify the root cause. There is an SPF record published for uspto.gov. That record is definitely not going to include the IP addresses of your Zoho Mail server that is forwarding the message to your Zoho TeamInbox. That failure is triggering Zoho’s anti-spoofing rules which return the poorly phrased error you are seeing.

To enable forwarding for that domain, and likely any that make use of SPF, you will need to exempt it from DMARC (or SPF) policy enforcement on your Zoho TeamInbox. Details on how to accomplish that will likely require engaging Zoho support. I’ve not spent any time in the Zoho Community, nor engaged with their support, so I can’t offer any advice as to which route may be more beneficial.

Really appreciate your feedback. I will talk to zoho about it again. They have this knee-jerk reaction to blame a third party. Imagine them blaming USPTO for their DMARC policy without even checking USPTO’s DMARC policy. They suggested I reach out to USPTO and tell them there was a problem :wink: Thank you!

It’s not so much that they are intentionally blaming USPTO’s DMARC policy. Their error message is just worded a bit generically. They are using “DMARC policy” as a catch-all when referencing messages that are not passing published authentication mechanisms. No email in the USPTO domain will pass such a check when sent through a third-party relay. I hope you find the necessary options available at Zoho to achieve your desired results.

The error message that is being returned to you is technically incorrect, since there is no DMARC policy published for the domain uspto.gov.

Perhaps they added one in the last few days, because there’s definitely one there now:

_dmarc.uspto.gov        text =
        "v=DMARC1; p=reject; rua=mailto:dmarc_agg@valigov.email,mailto:dmarc_reports@uspto.gov,mailto:reports@dmarc.cyber.dhs.gov"

Since I didn’t show my work, I can’t see if I did something dumb, such as omitting the underscore from my query. Either way, the solution remains the same. :wink:
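
How a receiver reaches the reject decision discussed in this thread, as an added Python sketch that is not part of any post: it parses the record quoted above and applies the DMARC rule that a message passes when SPF or DKIM passes with a domain aligned to the From: domain. The IP ranges, the `forwarder.example` domain and the two-label organizational-domain shortcut are constructed assumptions, and the thread does not say whether uspto.gov DKIM-signs its mail.

```python
import ipaddress

# DMARC record quoted in the thread for _dmarc.uspto.gov
USPTO_DMARC = ("v=DMARC1; p=reject; rua=mailto:dmarc_agg@valigov.email,"
               "mailto:dmarc_reports@uspto.gov,mailto:reports@dmarc.cyber.dhs.gov")
# Constructed values: documentation ranges stand in for real SPF data.
SENDER_NETS = ["192.0.2.0/24"]  # networks the sender's SPF record authorizes
SENDER_IP, FORWARDER_IP = "192.0.2.10", "198.51.100.25"

def parse_dmarc(record):
    """Split a DMARC TXT record into a tag -> value dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a usable DMARC record")
    return tags

def spf_pass(client_ip, authorized_nets):
    """Simplified SPF: is the connecting IP inside an authorized network?"""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in ipaddress.ip_network(net) for net in authorized_nets)

def aligned(auth_domain, from_domain, strict):
    """Relaxed alignment compares organizational domains; strict needs equality."""
    # Assumption: org domain = last two labels (real code uses the Public Suffix List).
    org = lambda d: ".".join(d.lower().split(".")[-2:])
    if strict:
        return auth_domain.lower() == from_domain.lower()
    return org(auth_domain) == org(from_domain)

def dmarc_disposition(record, from_domain, spf, dkim=None):
    """spf and dkim are (authenticated_domain, passed) tuples; dkim may be absent."""
    tags = parse_dmarc(record)
    spf_ok = spf[1] and aligned(spf[0], from_domain, tags.get("aspf", "r") == "s")
    dkim_ok = bool(dkim) and dkim[1] and aligned(dkim[0], from_domain, tags.get("adkim", "r") == "s")
    return "pass" if spf_ok or dkim_ok else tags["p"]

def scenarios():
    """direct / forwarded as-is / envelope sender rewritten / aligned DKIM survived."""
    frm = "uspto.gov"
    return {
        "direct": dmarc_disposition(USPTO_DMARC, frm, (frm, spf_pass(SENDER_IP, SENDER_NETS))),
        "forwarded": dmarc_disposition(USPTO_DMARC, frm, (frm, spf_pass(FORWARDER_IP, SENDER_NETS))),
        "rewritten": dmarc_disposition(USPTO_DMARC, frm, ("forwarder.example", True)),
        "forwarded_dkim": dmarc_disposition(USPTO_DMARC, frm, (frm, False), (frm, True)),
    }
```

The `rewritten` case shows why a forwarder that rewrites the envelope sender still does not satisfy DMARC through SPF: the SPF pass belongs to the forwarder's domain, which is not aligned with the From: domain.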