I am working on a platform (mysite.com) that allows users to send emails, and specify the "FROM" parameter. In practice, John from johnplumbing.com will send email "FROM" [email protected] from mysite.com.
Emails are sent with Sendgrid, and sender authentication is set up. When I do a test, SPF and DKIM pass, but DMARC fails.
For now, I have set up DMARC's policy to none.
Email protection is getting confusing at that point. Do I need my users to make changes to their DNS in order to pass? For example, should my example user add mysite.com to their SPF record?
Thanks,
DMARC often fails when SPF and DKIM "pass", but don't "align", that is, for both SPF and DKIM you may be authenticating for Sendgrid, instead of for the johnplumbing.com domain.
If you provide the "Authentication-Results" header(s) from the email then we can confirm this possibility.