We have implemented DKIM and DMARC, but one of my third-party companies who sends mail on our behalf gets a bounce message: Sender domain ‘mydomain.xxx’ has a DMARC policy, but cannot use configured return path domain.
Anyone got an idea how to solve this? I looked and read too many forums and articles but can’t find the correct way to solve this.
Have you contacted the 3rd party’s support about the issue? It sounds like something you both will need to work together on.
If it is a major 3rd party email service they should have information available about how things must be configured in order to work properly with DMARC.
I can’t say exactly what the issue is based on the information you provided but it would seem to be related to the combination of the “from” and “return path” settings on the outgoing messages. Something isn’t playing well together.
I’m guessing here, but a 3rd party service (ESP) sending mail on behalf of (from) your domain while controlling the return-path in order to handle bounces will not work without some incantations:
Get the ESP to DKIM sign all mails with a signature from your domain. This can often be configured in the ESP’s UI, and you must then authorise the DKIM keys by publishing appropriate TXT or CNAME record(s) in your domain’s DNS, and/or
Get the ESP to use a return-path in your domain that is a CNAME record pointing to the ESP’s server.
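The DMARC identifier-alignment rule behind both suggestions above, as an added example that is not part of the original thread. The domains `mydomain.example` and `esp-mail.example` are placeholders, the suffix set is a constructed stand-in for the Public Suffix List, and SPF and DKIM verification themselves are assumed to have passed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed stand-in for the Public Suffix List; real checks need the full list.
PUBLIC_SUFFIXES = {"com", "org", "net", "example", "co.uk"}

def org_domain(domain):
    """Organizational domain: the longest public suffix plus one label."""
    labels = domain.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[max(i - 1, 0):])
    return ".".join(labels[-2:])

def aligned(from_dom, auth_dom, strict=False):
    """Strict mode needs an exact match; relaxed mode compares organizational domains."""
    if not auth_dom:
        return False
    if strict:
        return from_dom.lower() == auth_dom.lower()
    return org_domain(from_dom) == org_domain(auth_dom)

def dmarc_alignment(raw, strict=False):
    """Alignment only: assumes SPF and DKIM verification already succeeded."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg["From"])[1].rpartition("@")[2]
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    # Collect the d= tag of every DKIM-Signature header on the message.
    dkim_doms = re.findall(r"(?:^|;)\s*d=([^;\s]+)",
                           ";".join(msg.get_all("DKIM-Signature", [])))
    spf_ok = aligned(from_dom, rp_dom, strict)
    dkim_ok = any(aligned(from_dom, d, strict) for d in dkim_doms)
    return {"spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_can_pass": spf_ok or dkim_ok}

def sample(return_path_domain, dkim_d):
    """Constructed test message; every domain here is a placeholder."""
    return (f"Return-Path: <bounce@{return_path_domain}>\n"
            f"DKIM-Signature: v=1; a=rsa-sha256; d={dkim_d}; s=sel1; b=...\n"
            "From: News <news@mydomain.example>\n"
            "Subject: test\n\nbody\n")

if __name__ == "__main__":
    cases = {"ESP defaults": ("esp-mail.example", "esp-mail.example"),
             "DKIM signed as your domain": ("esp-mail.example", "mydomain.example"),
             "return-path in your domain": ("bounces.mydomain.example", "esp-mail.example")}
    for name, (rp, d) in cases.items():
        print(f"{name}: {dmarc_alignment(sample(rp, d))}")
```

With the ESP's default return-path and signing domain neither identifier aligns with the From domain, so DMARC cannot pass; either change on its own is enough under relaxed alignment.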
Sorry for not updating my topic!
The issue is resolved. The third-party ESP gave me a whole list of records I had to add to my DNS (TXT, CNAME, MX record) which solved the issue.