DMARC forwarding is the process of forwarding an email from the recipient to another recipient. Forwarding can be manual or automatic. Manual forwarding occurs when a recipient manually forwards an email to another recipient, while automatic forwarding happens when an email is automatically forwarded to another recipient.

What are the types of DMARC forwarding?

There are two types of DMARC forwarding, manual and automatic forwarding. Manual forwarding occurs when a recipient receives an email and manually forwards it to another recipient. Automatic forwarding happens when an email is forwarded automatically to another recipient through email gateways, old email accounts, or colleges and universities.

What are the problems with DMARC forwarding?

When an email is automatically forwarded, problems with email authentication may occur. SPF will usually break in this scenario because the sending server will not be included in the SPF record for your company. If your DMARC policy is on a Quarantine or Reject policy, this will result in the email being delivered in the spam box, or not being delivered at all.

How does DMARC authentication work with DMARC forwarding?

DKIM is designed to survive automatic forwarding. A hash is appended to the email with DKIM, calculated using the message body and some of the mail headers that require your private key. If these parts are not changed in any way by the forwarder, the DKIM signature will be preserved and can still be validated by the final receiver of the message.

What is a local policy in DMARC?

Local policy in DMARC indicates that the ISP sending the DMARC report has applied a certain local policy to the messages which results in a different DMARC policy being applied than expected based on the DKIM and/or SPF data for that message. This could mean that an email was still placed in the inbox even though the message should be rejected or quarantined based on the DMARC data. ISPs are free to apply a local policy on incoming mail, and this can differ per ISP.