Forwarded emails failing dmarc

I have DKIM and SPF configured, together with a DMARC policy, and most emails seem to be passing with no problem. I currently have my policy set to 10% quarantine. However, when I view the Policy planner, it says “Publish a stronger policy” but has the following Note: “You have some forwarding volume that is not fully dmarc compliant. A more aggressive policy may prevent delivery of forwarded emails that do not pass DMARC (by preserving DKIM keys).”
Here is a screen shot of the Detail Viewer, filtered with “Show impact of policy”.

Does this mean that the emails that I have sent which are being forwarded are likely to be marked as spam (assuming I go for 100% policy)? If so, what can I do about this?

Thanks for any help.

You mention that you are using DKIM. Are your DKIM signatures being reported as valid?

If they are, that suggests that the forwarders are breaking your DKIM signatures. You may not be able to fix that since it is happening in the recipient’s infrastructure.

If you are not seeing valid DKIM in destinations that are not using forwarders, identifying and fixing whatever is invalidating your DKIM signatures is likely to improve DKIM survival in forwarders.

Hi LinkP - as far as I can tell, DKIM is being reported as valid (this is the Detail View, All Results, DMARC Capable tab) :

Any suggestions as to what to do now?

Thank you.

There isn’t anything you can do in that situation. Recipients with poorly implemented email routing is a “them” problem, not a “you” problem. They may be aware that their implementation breaks authentication and ignore it accordingly. They may wonder why they don’t see some of their email. Either way, you can’t fix anything that is broken by their setup.

1 Like

Thanks for the help. I have now set quarantine to 100% and not had anyone say that they are missing an email.

1 Like