3

I do not expect my problem to be super-unique, but I was not able to find and answer so far even at Gmail help pages, and lots of googling with various terms did not provided a solution. Context:

There is company, lets say BusyCorp LLC, whose SaaS product and related emails are live in, lets say, in product.com domain.

They use Gmail for their normal emailing stuff, with default (sign-in domain) like busycorp.com due some historical reasons, does not matter.

The product.com domain is configured as alias domain for their Gmail setup, so for example their employees can send messages from addresses like bob.parker@product.com by selecting it from the aliases dropdown when they are composing emails at Gmail page.

The email, though have Return-Path header like bob.parker@busycorp.com which causes SPF mismatch even with default relaxed alignment for product.com.

Is there a way to setup some MX, A, TXT or SPF records, or apply some settings at Gmail to make sure that Return-Path will be like bob-parker@product.com or like message-id@gm.product.com as used for SES, to make sure that is SPF aligned?

Or changing main domain at the Gmail settings is single way to fix that? Will there be some consequences of that switch, if so? like will they all be signed out of Gmail, Google Cloud Console, Google Analytics?

Best regards and thanks for your answers and time!

Kote Isaev
  • 135
  • 3

1 Answers1

0

this is caused by using STRICT mode for your SPF. If you change it to relaxed, then you will no fail authentication, as long as DKIM is properly setup. I have tested and confirmed this, as I had the same issue. I have written an article explaining it here. https://domainadmintools.com/dmarc-strict-vs-relaxed-alignment-how-to-fix-spf-alignment-failed/

snake
  • 116
  • 1