Domain-based Message Authentication, Reporting & Conformance (DMARC) is a standard that helps prevent spoofing by verifying the sender’s identity. If an email fails DMARC validation, it often means t...
Updated Jul 26, 2023
Version 3.0
Blog Post
3 MIN READ
Announcing New DMARC Policy Handling Defaults for Enhanced Email Security
This change appears to be causing issues for Microsoft users who forward emails from their Hotmail/Outlook.com accounts to other addresses.
See: https://answers.microsoft.com/en-us/outlook_com/forum/outlk_com-outtop_email/outlook-redirect-rule-stopped-working-access/32a19354-a0c7-4747-a1b5-5f4babd4b9cc?messageId=9c2b1b3d-e4c9-4cdb-aac4-2be1aec99397&page=1
We use Mailchimp to send email newsletters to subscribers and have a complete DKIM/SPF/DMARC framework in place. We get lots of DMARC bounces from Hotmail subscribers who are using rules to forward their inbound emails to 3rd party email addresses.
Our email newsletter is getting forwarded to the new address but the mail headers being set suggest that Microsoft's IP is the sender, which will then fail DKIM/SPF checks because of the DMARC policy above.
Our own DMARC policy is *correctly* set to reject emails that aren't authenticated - this IS NOT a sender issue.
I wonder if Microsoft have stopped adding headers like "X-Forwarded-For" from the emails when they are forwarded using rules in Hotmail/Outlook.com...?