mailserver misconfiguration

Recently, i've send an e-mail to One day later, i got an e-mail from google that my mail was rejected by google. Sounds weird, since does not use google mailserver, right?

Here's what happened:
I have secured my domain with antispoofing mechanisms (SPF, DKIM and DMARC) so nobody is able to send spoofed e-mails using my domain. These mechanisms are open standards and used by a lot of mailproviders.

One feature of DMARC is to be notified by any other mailservers on the internet, if they received an e-mail from my domain and the authentication checks have failed. A reason could be a spoofed mail from an attacker, or due to misconfiguration.

So, i have send a mail to which seems to be a mailing list. My e-mail has been forwarded by the mailserver to other e-mailadresses, at least one @gmail address. The Google Mailserver has received this mail, but the authentication checks failed, since the mailserver is not allowed to send mails using my domain. This happened, because the mailserver has not changed the sender. Technically it's spoofing, since Google doesn't know that it was a forwarded e-mail.

I am surprised that this issue still exists... Since SPF/DKIM/DMARC are implemented by alot of mailproviders, chances are great that a lot of mails have been lost in the past. Please check logs of the mailserver, there should be bounces or NDRs.

To fix this problem, you have to change the envelope sender and header-from, before forwarding e-mails. This is a common problem with mailing lists. There are a lot of websites on the internet, which handle this problem.


Thanks for the info. I have noticed quite a few 'bounces' lately. This is definitely worth investigating.

@jow - Is this an easy mod?

Related discussion on the mailing list:

1 Like

Don't see any easy way to implement it and lack the time to investigate.

I remembered something; just disabled the internal forwarder and only left fteescout in place, we meant to switch to it anyhow.