Gmail / Apps Forwarding - comprehension

Hello all !
I have a dmarc report on dmarcian app that I’m not sure I understand :

In that case, I anonymized the domains with my_domain.com and not_my_domain.com.

With this page : dmarc.io - Gmail / Apps Forwarding
i understand this:

  1. not_my_domain.com send email to my_domain.com
  2. my_domain.com make an automatic forwarding to gmail.com

That’s right ?

Hi kadmarc

Not quite. It’s the other way around. Your domain sent an email to their domain, and automatically forwarded it. The source is the forwarder, which means the domain you sent to is on Google/Gmail. It goes like this in most cases:

From: Original sender
Mail From: Forwarder domain, rewritten from yours due to SRS
Source: The forwarding infrastructure, which the forwarding domain uses
Reporter: Where the email was forwarded to

When you see Google as the forwarding source, and Google as the reporter, chances are this may be due to Google Group behaviour.

A Google Group is how Google handles distribution list. It behaves the same way as a mailing list. Let’s use a hypothetical example.

example.com is hosted on Google Workspace
group@example.com is a Google Group (distribution list) with 20 members.

If you send an email to group@example.com, your domain will receive a DMARC report for 21 unique email count. This is because Google performs a DMARC check for each email it distributes to members of that group, even if the members are also on example.com.

In the DMARC report or reports:
1 count will be for when Google initially received the email from your domain. This will show Google reporting your IP sending them an email from your domain.

20 counts will appear as sent from Google, to Google on behalf of your domain. This is the Google Group behaviour.

If you have a large number of Google forwarding, this is quite possibly the reason why. This is especially true if the XML report contains an Override Comment field of “arc=pass”. The override reason and override comment columns can be enabled in dmarcian.

The good news is, just like most mailing list, Google rewrites from the From header of domains publishing a DMARC policy of quarantine or reject to prevent impact on emails forwarded as part of their Google Group distribution. This means the number of Google forwarding will drop significantly once you publish an enforcement policy in DMARC, assuming you haven’t already done so.

I hope this helps!

Hi Asher,

Thank you for your answer !
Yes, it help me a lot :slight_smile:

Best regards.