Openwrt.org mailserver misconfiguration

Recently, I've sent an e-mail to contact@openwrt.org. One day later, I got an e-mail from Google that my mail was rejected by Google. Sounds weird, since openwrt.org does not use a Google mailserver, right?

Here's what happened:
I have secured my domain with anti-spoofing mechanisms (SPF, DKIM and DMARC) so nobody is able to send spoofed e-mails using my domain. These mechanisms are open standards and used by a lot of mail providers.

One feature of DMARC is to be notified by any other mailservers on the internet if they received an e-mail from my domain and the authentication checks have failed. A reason could be a spoofed mail from an attacker, or a misconfiguration.

So, I have sent a mail to contact@openwrt.org, which seems to be a mailing list. My e-mail has been forwarded by the openwrt.org mailserver to other e-mail addresses, at least one @gmail address. The Google mailserver has received this mail, but the authentication checks failed, since the openwrt.org mailserver is not allowed to send mails using my domain. This happened because the openwrt.org mailserver has not changed the sender. Technically it's spoofing, since Google doesn't know that it was a forwarded e-mail.

I am surprised that this issue still exists... Since SPF/DKIM/DMARC are implemented by a lot of mail providers, chances are great that a lot of mails have been lost in the past. Please check the logs of the openwrt.org mailserver; there should be bounces or NDRs.

To fix this problem, you have to change the envelope sender and header-from before forwarding e-mails. This is a common problem with mailing lists. There are a lot of websites on the internet which handle this problem.

BR!
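The failure described in the post above, modelled as an added example that is not part of the original post: a simplified DMARC evaluation (relaxed alignment) of the same message sent directly, forwarded unchanged, forwarded with only the envelope sender rewritten, and forwarded with both envelope sender and header-From rewritten. The domains, IPs and SPF table are constructed, and it is an assumption of this example that the list alters the message so the author's DKIM signature no longer verifies.

```python
# Constructed data: domains, addresses and IPs are illustrative, not from the thread.
SPF_ALLOWED = {  # stand-in for DNS: IPs each domain's SPF record authorises
    "author.example": {"192.0.2.10"},
    "list.example": {"198.51.100.25"},
}
AUTHOR_IP, LIST_IP = "192.0.2.10", "198.51.100.25"

def org_domain(domain):
    # Simplification: last two labels. Real receivers use the Public Suffix List.
    return ".".join(domain.lower().split(".")[-2:])

def dmarc_eval(msg):
    """Return (spf_aligned, dkim_aligned, dmarc_pass) under relaxed alignment."""
    from_dom = msg["header_from"].rsplit("@", 1)[1]
    env_dom = msg["envelope_from"].rsplit("@", 1)[1]
    # SPF is checked against the envelope sender's domain and the connecting IP.
    spf_pass = msg["client_ip"] in SPF_ALLOWED.get(env_dom, set())
    spf_aligned = spf_pass and org_domain(env_dom) == org_domain(from_dom)
    # DKIM counts only if a signature verifies AND its d= domain aligns with From.
    dkim_aligned = any(ok and org_domain(d) == org_domain(from_dom)
                       for d, ok in msg["dkim"])
    return spf_aligned, dkim_aligned, spf_aligned or dkim_aligned

# dkim is a list of (d= domain, signature still verifies) pairs.
SCENARIOS = {
    "direct": dict(envelope_from="alice@author.example", client_ip=AUTHOR_IP,
                   header_from="alice@author.example",
                   dkim=[("author.example", True)]),
    # What the post describes: the list relays without changing the sender.
    "forwarded_unchanged": dict(envelope_from="alice@author.example",
                                client_ip=LIST_IP,
                                header_from="alice@author.example",
                                dkim=[("author.example", False)]),
    # Envelope rewritten only: SPF passes for the list but does not align.
    "envelope_only": dict(envelope_from="bounces@list.example", client_ip=LIST_IP,
                          header_from="alice@author.example",
                          dkim=[("author.example", False)]),
    # The fix named in the post: envelope sender and header-From both rewritten.
    "both_rewritten": dict(envelope_from="bounces@list.example", client_ip=LIST_IP,
                           header_from="contact@list.example",
                           dkim=[("list.example", True)]),
}

def run():
    return {name: dmarc_eval(msg) for name, msg in SCENARIOS.items()}

if __name__ == "__main__":
    for name, (spf, dkim, ok) in run().items():
        print(f"{name:20} spf_aligned={spf} dkim_aligned={dkim} dmarc_pass={ok}")
```

Rewriting only the envelope sender makes SPF pass for the list's domain, but that result does not align with the author's header-From domain, so DMARC still fails.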

Thanks for the info. I have noticed quite a few 'bounces' lately. This is definitely worth investigating.

@jow - Is this an easy mod?

Related discussion on the mailing list: http://lists.openwrt.org/pipermail/openwrt-devel/2020-June/029649.html


Don't see any easy way to implement it and lack the time to investigate.

I remembered something; just disabled the internal forwarder and only left fteescout in place, we meant to switch to it anyhow.