SPF: Emails are not reaching customers
We are receiving complaints that customers do not receive email notifications about their invoices.
This has been going on for some time and I was only informed yesterday, but the problem is for sure with the email sending mechanism. We have SPF, DKIM and DMARC set up for our natific.com domain and although the test message I sent to myself passed the SPF and DKIM checks, it failed on DMARC. Although our DMARC record defines no policy for failure (p=none), I think many mail servers of our customers will take action on the DMARC=fail messages.
I see that there are ways to integrate this into our policies, like using a subdomain with a separate DMARC policy for sending these emails or giving a DKIM key to you. I do not want to go down this path.
The best way would be if you allow customers to use their own SMTP server with their own credentials, and that would ensure that emails coming with an @natific.com address will pass all checks. Alternatively, we can set an email@example.com type address, which will most likely pass all policy checks you have set up for your domain, but if the customer tries to respond to that then it will not be delivered (likely end up in /dev/null). So in this solution it would be great to have a reply-to address set for these emails.
Thank you for your response.
As I mentioned, messages coming from you pass SPF verification, so adding another include in our SPF record will not help.
Please see Section 7 of the DMARC specification:
"DMARC-compliant Mail Receivers MUST disregard any mail directive discovered as part of an authentication mechanism (e.g., ADSP, SPF) where a DMARC policy is also discovered."
This means if the message fails on the DMARC validation and our client has a "DMARC compliant receiver", then the message will be handled as spam, so quarantined or rejected.
I understand that allowing customers to use their own SMTP might be too big of an undertaking for you, but I think allowing them to set a reply-to email for the email address they set up would help a lot. That way we could set "firstname.lastname@example.org" as the sending email and "email@example.com" as the reply-to email, so it would pass all SPF, DKIM and DMARC validations, but our clients would be able to respond to the invoice notification emails.
Please let me know if you see this as an update your development team could consider.
Sep 3, 2018
With one of our latest releases deployed in August 2018, emails will always be sent from a @bexio.com email address. Instead of using the email address of the bexio user as sender, this email address will be used as a "Reply To" address. This should reduce the spam score and therefore should result in fewer spam emails.
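The SPF-pass, DKIM-pass, DMARC-fail result described in this thread comes from DMARC identifier alignment: an SPF or DKIM pass only counts when the authenticated domain matches the domain in the From header. The sketch below is an added example, not part of the original thread or of bexio's code; the local parts, the envelope (MAIL FROM) domain, the DKIM `d=` domain and the two-label organizational-domain shortcut are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr

def org_domain(domain):
    # Assumption: organizational domain = last two labels. Real receivers
    # consult the Public Suffix List (needed for e.g. co.uk).
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(from_domain, auth_domain, strict=False):
    # Strict mode (aspf=s / adkim=s) needs an exact match; relaxed mode
    # (the default) only needs the same organizational domain.
    if strict:
        return from_domain.lower() == auth_domain.lower()
    return org_domain(from_domain) == org_domain(auth_domain)

def dmarc_result(raw, mail_from_domain, spf_pass, dkim_d, dkim_pass,
                 aspf="r", adkim="r"):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2]
    spf_ok = spf_pass and aligned(from_domain, mail_from_domain, aspf == "s")
    dkim_ok = dkim_pass and aligned(from_domain, dkim_d, adkim == "s")
    return {
        "from_domain": from_domain,
        "spf_aligned": spf_ok,
        "dkim_aligned": dkim_ok,
        # DMARC passes if at least one aligned mechanism passes.
        "dmarc": "pass" if (spf_ok or dkim_ok) else "fail",
        "reply_to": parseaddr(msg.get("Reply-To", ""))[1],
    }

# Constructed sample: customer address in From, sent through the vendor.
BEFORE = ("From: Billing <billing@natific.com>\n"
          "To: customer@example.org\nSubject: Invoice\n\nSee attachment.\n")
# Constructed sample: vendor address in From, customer address in Reply-To.
AFTER = ("From: Billing <notifications@bexio.com>\n"
         "Reply-To: billing@natific.com\n"
         "To: customer@example.org\nSubject: Invoice\n\nSee attachment.\n")

if __name__ == "__main__":
    # Assumed: the vendor's envelope domain and DKIM d= are both bexio.com.
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, dmarc_result(raw, "bexio.com", True, "bexio.com", True))
```
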