One of our clients has 4 Top Level Domains since they merged companies.
User A from TLD 1 has been authorized to send e-mails on behalf of a mailbox on TLD 2, DMARC is in place on all TLD’s and all e-mails sent by user A from TLD1 on behalf of the mailbox on TLD2 bounce.
On the page “https://dmarcian.com/how-to-send-dmarc-compliant-email-on-behalf-of-others/” it states that sending mail on behalf of subdomains is possible however, I can’t seem to find out wether or not it is possible to configure DMARC in a way where it is possible to send on behalf of another TLD’s mailaddress.
I’m curious to know the answer on this one as well. I have not encountered this situation personally. We have multiple sending domains but we do not use the “send on behalf of feature”. Wish I could help. Hopefully @sean will jump on here.
The article you are referencing is more appropriate for service providers, than looking at the usage of a mail provider for a specific organization. What is allowed from a configuration perspective will depend on their environment. That being said, let’s just look at DMARC.
For a DMARC check to pass, SPF and/or DKIM alignment has to be a achieved as well as successfully validate. Alignment can be either strict or relaxed, the latter being the default if not specified in the record. So in your case it might be more important to understand why it bounced, to determine if it due to alignment, or a failure of a specific check.