We use zendesk and CSOD. The automatic emails it sends out are not reaching a specific user outside of our domain. I have examined the header info from the undeliverable email supposed to go out to the outside user and some header info from emails I sent to my own personal gmail as a test.
Does anyone have any suggestions as to where to look first? Is it OK to post the header info here? If its failing arriving to her but only her is it more likely the issue is on our end or hers? Our policy is set to reject so not sure why it shows quarantine below.
ARC-Authentication-Results: i=1;
relay.mimecast. com;
dkim=none;
dmarc=fail reason=“No valid SPF, No valid DKIM” header.from=csod.com (policy=quarantine);
spf=none (relay.mimecast. com: domain of mail.la4.csod.com has no SPF policy when checking
I will speak primarily on Cornerstone since that is the headers you provided. Be mindful the headers provided are ARC headers, which can still be used in this case.
Cornerstone typically sends mail using an aligned return-path. In this case it seems the receiver used mail.la4.csod.com to check SPF. This domain is one of CSOD’s mail relays. A receiver would not check this unless the return-path would be null, which is common with automated responses or certain types of automated messages. In that case the receiver checks the EHLO identify, which should be a FQDN of the server delivering the mail.
What this means here is that alignment would not be possible with these kind of emails. You would have to rely on a properly configured, aligned DKIM signature. CSOD does support this feature, but you must request it with their support.
I cannot speak on Zendesk without seeing any evidence of the current state of authentication, as many things could cause a failure, such as forwarding, specific receivers and so on. I hope this helps.
