Did I shoot myself in the foot?
I mainly use Gmail to send and receive emails. Support etc. My default 'send email as' profile is not the Gmail address itself but an address on my server (also the Reply-to address). Example: "My Name <[email protected]>"
On my server I have SPF and DKIM set up optimally because I send out 'bulk' emails from time to time to my user base (after I update my software).
SPF includes Gmail (+include:_spf.google.com)
All this has been working fine for years. Yesterday I also set up DMARC to make sure people can't impersonate me via email. There was no DMARC record before yesterday. I set up my DMARC policy to reject (p=reject) to avoid spoofing etc.
Today I sent out a few emails (via Gmail) to other Gmail addresses and they bounced because of the policy. Weirdly enough, emails to hotmail.com (for instance) arrived (I checked with the receivers). I sent an email (via Gmail) to https://www.learndmarc.com/ (generated email address for testing), where the issue was confirmed.
I wonder what to do best?
- Remove DMARC again?
- Keep DMARC but change the policy to relaxed (p=none)
- Set up Gmail to send via my server's SMTP
Ideally there would be a fourth option (I don't know about) that keeps things as they are but somehow 'improves' DMARC to still p=reject yet accept Gmail as sender somehow?
Your input appreciated
p=none is as safe as your previous configuration (though still subject to caching; recommend lowering TTL on that record to something in the order of magnitude of hours, not days)
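
The DMARC check behind the bounces in this thread, as an added example that is not part of either post: DMARC passes only when a passing SPF or DKIM result is for a domain aligned with the From: header domain, and SPF is evaluated against the envelope sender, so an SPF include alone does not produce alignment. The domain example.org, the results attributed to Gmail (envelope sender and DKIM d= both gmail.com) and the own-server case are constructed assumptions, and `org_domain` is a simplified stand-in for a Public Suffix List lookup.

```python
# Added example: constructed domains and results, not values from the thread.

def parse_dmarc(record):
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject' into a tag dict."""
    tags = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip().lower()
    return tags

def org_domain(domain):
    # Simplification (assumption): the last two labels. Real receivers
    # derive the organizational domain from the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])

def aligned(auth_domain, from_domain, mode):
    """Relaxed ('r') compares organizational domains; strict ('s') needs an exact match."""
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)

def evaluate(record, from_domain, spf_result, spf_domain, dkim_sigs):
    """Return (dmarc_pass, disposition); dkim_sigs is a list of (result, d= domain)."""
    tags = parse_dmarc(record)
    spf_ok = spf_result == "pass" and aligned(
        spf_domain, from_domain, tags.get("aspf", "r"))
    dkim_ok = any(result == "pass" and aligned(d, from_domain, tags.get("adkim", "r"))
                  for result, d in dkim_sigs)
    if spf_ok or dkim_ok:
        return True, "none"
    # DMARC failed: the published policy decides what the receiver does.
    return False, tags.get("p", "none")

def demo():
    via_gmail = ("example.org", "pass", "gmail.com", [("pass", "gmail.com")])
    via_own_server = ("example.org", "pass", "example.org", [("pass", "example.org")])
    return {
        "gmail, p=reject": evaluate("v=DMARC1; p=reject", *via_gmail),
        "gmail, p=none": evaluate("v=DMARC1; p=none", *via_gmail),
        "own server, p=reject": evaluate("v=DMARC1; p=reject", *via_own_server),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(case, "->", outcome)
```

Under these assumptions the Gmail-relayed message fails DMARC under either policy; only the disposition changes between p=reject and p=none.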