I am working with a 3rd party (Red Sift OnDMARC) to implement DMARC across my domain and have hit a bit of a wall after configuring all protocols (SPF, DKIM & DMARC). The 3rd party are suggesting it is a good time to place my domain into Reject. However, I am not completely sold on the matter, as I am seeing a huge volume for Google Workspace on my domain and that is constant every month. I am being told that Google is a forwarder and most of the traffic I see is auto-forwarding.
I have also been told that my DMARC reports show me the last hop of the email flow before reaching a recipient on my domain. However, I believe the product is telling us that someone is sending email and is saying it is coming from my domain.
My issue is that I don’t believe that the 3rd party company's product would have visibility of auto-forwarding. I am a Microsoft shop and I do not allow the use of Google Workspace on my domain. I believe the tool is showing me services that are pretending to be our domain, which wouldn’t include auto-forwarding and doesn’t make sense in this instance. The big question that I have is why I see Google Workspace as a sender for my domain when it is not authorised on my system. I am also trying to understand whether that is legitimate or malicious traffic that I am seeing. The volume of email that I have is in the thousands and I am concerned that if I just switch to reject, I may potentially impact a live system.
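
For context on the forwarding question raised above, an added example (not part of the original post and not OnDMARC's code): it tallies a DMARC aggregate report by the aligned DKIM and SPF result of each row, because forwarded mail typically fails SPF alignment while an intact DKIM signature still passes. The report XML, `example.com` and the IP addresses are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed aggregate report (RFC 7489 layout); domain and IPs are placeholders.
SAMPLE_REPORT = """<feedback>
 <policy_published><domain>example.com</domain><p>none</p></policy_published>
 <record><row><source_ip>192.0.2.10</source_ip><count>1200</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers></record>
 <record><row><source_ip>198.51.100.7</source_ip><count>300</count>
  <policy_evaluated><disposition>none</disposition><dkim>fail</dkim><spf>fail</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers></record>
 <record><row><source_ip>203.0.113.5</source_ip><count>50</count>
  <policy_evaluated><disposition>none</disposition><dkim>pass</dkim><spf>pass</spf></policy_evaluated></row>
  <identifiers><header_from>example.com</header_from></identifiers></record>
</feedback>"""


def classify(dkim, spf):
    """Label a row from its DMARC-aligned DKIM and SPF results."""
    if dkim == "pass" and spf == "pass":
        return "aligned"
    if dkim == "pass":
        return "dkim-only"        # SPF broke, signature survived: typical of forwarding
    if spf == "pass":
        return "spf-only"         # authorised IP, but unsigned or signature broken
    return "unauthenticated"      # fails DMARC; these are what p=reject would block


def summarize(xml_text):
    """Return (message count per label, failing message count per source IP)."""
    by_label, failing = Counter(), Counter()
    for row in ET.fromstring(xml_text).iter("row"):
        count = int(row.findtext("count"))
        evaluated = row.find("policy_evaluated")
        label = classify(evaluated.findtext("dkim"), evaluated.findtext("spf"))
        by_label[label] += count
        if label == "unauthenticated":
            failing[row.findtext("source_ip")] += count
    return dict(by_label), dict(failing)


if __name__ == "__main__":
    labels, failing = summarize(SAMPLE_REPORT)
    print(labels)    # volume per authentication outcome
    print(failing)   # sources whose mail would be rejected at p=reject
```

Only the `unauthenticated` rows change outcome under `p=reject`; a row in that bucket can be spoofing, an unconfigured legitimate sender, or forwarded mail whose DKIM signature did not survive, so the source IPs and the `auth_results` domains in the report still need to be checked before the policy is tightened.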