Have DKIM and SPF pass for different domain

This isn’t a Dmarcian issue, but I figured people here would have suggestions on how to fix this.

I have SPF and DKIM keys set up on our email domains, and except for one user, everything is working wonderfully. I have one user who accesses their email account through Thunderbird, and somehow screwed it all up when they were importing all of their accounts in.

Basically, they have their own personal business domain (domain A), and a few of our charity domains (domains B & C) set up in Thunderbird. When they send through domain A, everything works fine. But when the send through domain B or C, the from line states “User name user@domainB.org via domainA.com” or "“User name user@domainC.org via domainA.com”. At first glance it seems everything is set up right in Thunderbird, but I’m going to have the user remove the accounts, and try adding them again. It has to be something in how they set it up in TB, because their emails from all the domains send fine when they log into the accounts directly through gmail and send them that way.

Question for everyone here though. I know I could just add info that’s in the domain A SPF record into the SPF records for Domains B & C, and that should let the emails pass SPF at least. What I don’t know, or if it’s even possible to do, is to create an DKIM key that would allow emails to sent via domain A, but pass the DKIM check, and also pass the DMARC check for it’s actual from domain (domain B or C in this case). I know this isn’t best practice by any means, but it’s now more of a curiosity if it can, and how it would be done.

I wouldn’t go nuking the accounts in Thunderbird just yet. I’d start by checking the SMTP settings assigned to each account in Thunderbird first.

It sounds like they have Domain A set up as the SMTP relay for Domains B & C.

Are these domains all on Google Workspace?

Assuming the answer to the previous question is yes, are they configured as separate Google tenants, or as alias domains in same Google Workspace tenant account?

Good point, LinkP. I was thinking the same. They have domain A setup as the “default” SMTP relay for the other domains. I’m also a Thunderbird user and have MANY email accounts setup, including some Gmail accounts. It’s absolutely possible to have different SMTP servers configured for each email account but that’s something the user would need to make sure is setup correctly.