Hi I have read through some of the forwarding information but am still confused, I can see only 40% of Forwarders going from Gmail / Apps Forwarding are Dmarc Compliant.
is there a way to improve this compliance percentage and can you please provide an example of a forward email? e.g. is it an out of office email or simply an email forwarded from our domain to Google?
Hi Rickage
The type of forwarding found within the console is when the original source of the mail was other than the one doing the final delivery and checked for DMARC. A common example of this would be configuring automatic forwarding in your Gmail account to another email account completely.
The reason the above matters in the context of DMARC authentication is due to the fact this kind of forwarding will retain the original RFC5322 From address. Since a DMARC check is done against the domain extracted from it, it becomes important to understand what could help it survive the forwarding process.
DMARC compliance from forwarded mail needs to be looked at primarily in the context of DKIM compliance. SPF will largely always fail due to either SRS (sender rewriting schemes) where the return-path is replaced by an address of the forwarder, or it simply fails due to the forwarder very likely not being in the original domain’s SPF record. DKIM is a header however and automatic forwarder almost always keep headers intact. As long as the email is not modified, DKIM can still pass once finally delivered.
To raise your compliance, ensure DKIM is deployed in a DMARC compliant way where possible on your email sources.
I hope this helps.
-AM
Thanks Asher very good explanation 
