How do auto-forwarders impact authentication results?
Auto forwarders such as a user’s vacation auto reply or a mailbox rule create a new mail stream that breaks the original authentication.
SPF fails because the auto responder sends the message from its own IP which is not in the original sender’s SPF record.
DKIM often fails because the auto responder becomes a new sender and cannot re sign with the original sender’s DKIM key. If it modifies the message such as adding a prefix to the subject it also breaks the original DKIM signature.
This is why ARC is essential. A DMARC aware forwarder adds an ARC seal before forwarding which preserves the original dmarc=pass and tells the receiving server that the message was valid before forwarding.
Was this answer helpful?
Thanks for your feedback!