1

I have my personal email address set as a "send as" option (i.e. an alias) on gmail, e.g. me@mydomain.com. I don't use Google for any services relating to mydomain.com, so I don't have an admin console or dashboard.

Email "sent as" my personal email address via the gmail web UI fails both SPF and DKIM, despite having v=spf1 include:_spf.google.com as a DNS TXT record for mydomain.com.

I see the following as an mxtoolbox report, specifically showing "Domain not found in SPF" and no DKIM signature found. mxtoolbox report

Is it possible to fix this with my personal domain name DNS entries? Or will this sort of email always fail DMARC/DKIM/SPF if Google is not hosting the domain name?

I've done some searching on this issue and everything I've found is advice when using Google admin/workspace. Here, the domain name and MX record are elsewhere, but gmail is configured to "send as" a user from this domain name.

Adam J. Kessel
  • 173

1 Answers1

1

These are the relevant headers for analysing the situation:

Return-Path: <my_address@gmail.com>
. . .
Authentication-Results: mail.protonmail.ch; dmarc=fail (p=none dis=none)
 header.from=example.com
Authentication-Results: mail.protonmail.ch; spf=pass smtp.mailfrom=gmail.com
Authentication-Results: mail.protonmail.ch; arc=none smtp.remote-ip=209.85.208.45
Authentication-Results: mail.protonmail.ch; dkim=none
. . .
From: My Name <my_address@example.com>

SPF is passing with the envelope sender domain google.com, which not aligned (see RFC 7489, 3.1) with the example.com used in the header From. As SPF is not aligned and DKIM signature not present at all, DMARC fails.

Possible solutions:

  • Use example.com as the envelope sender.
  • DKIM sign the message with a signature aligned with example.com.
  • Ideally, configure both DMARC+SPF & DMARC+DKIM alignments.
Esa Jokinen
  • 1,724