Forwarding and Enable Sender Rewriting Scheme
I've read some of the threads here on this topic but I'm still confused.
My case is pretty typical (I would think) in that an outside party using some email account like example @ gmail.com sends an email to an email forwarder address like forwarder @ hostedaccount.com. In this example, hostedaccount.com is hosted on my server. The mail is then forwarded according to the forwarder rules to example @ yahoo.com. Yahoo gets the email and rejects it for DMARC violation because it thinks it was sent from my server which does not host the sender's gmail.com domain. I do understand and accept why that happens.
I have been reading the threads that suggest that I enable Enable Sender Rewriting Scheme (SRS) Support on my server where the forwarder exists. But if I do this, what would be the sender/from address on the message that the ultimate recipient @ yahoo.com receives (according to my example above)? Could that message then be replied to by the Yahoo recipient in order to reply to the original sender @ gmail.com?
I don't want to enable this for my entire server and then realize that I've caused confusion for my customers that use forwarders because the messages no longer appear to "come from" the person who sent them or they can't determine who sent it (or reply to them) because the sender address has been modified by the server during forwarding.
Thanks for any clarification you can provide. :)
-
Hi @swbrains
The behavior of SRS is as follows:
[QUOTE] This option rewrites sender addresses so that the email appears to come from the forwarding mail server. This allows forwarded email to pass an SPF check on the receiving server. Note:
0 -
Thanks, but I think I'm still confused... :)
>>rewrites sender addresses so that the email appears to come from the forwarding mail server
How is the new (rewritten) sender address generated? I realize it must use the domain of the forwarding mail server to pass SPF checks, but what does it use as the "local" part of the sender's email address? If I sent an email originally from example @ gmail.com, what would the ultimate recipient see as the Sender/FROM address on the message they receive? Also, how does rewriting the sender/FROM address affect the ability of the recipient to identify or reply to the original sender? Thanks!
0 -
For example, if I send an email from myemail@gmail.com to user@mydomain.tld, which has a forwarder to someone@yahoo.com, SRS rewrites the sender address to come from user@mydomain.tld rather than myemail@gmail.com as far as the source of the email is concerned. The problem with this is found in the headers of the email.
Return-Path:
Authentication-Results: mta4359.mail.bf1.yahoo.com; dkim=permerror (bad sig) header.i=@gmail.com header.s=20161025; spf=softfail smtp.mailfrom=@gmail.com; dmarc=fail(p=none sp=quarantine dis=none) header.from=gmail.com;
Received-SPF: softfail (transitioning domain of gmail.com does not designate as permitted sender)
So to answer your question, when you forward mail like this it comes from the forwarding server but it's shown as coming from the original address (in this case gmail) and this causes a failure of SPF, DKIM and DMARC.
Here's an example of what is shown in the headers when I have it enabled:
Return-Path:
Authentication-Results: mta4490.mail.ne1.yahoo.com; dkim=pass (ok) header.i=@domain.tld header.s=default; spf=pass smtp.mailfrom=@domain.tld; dmarc=fail(p=none sp=quarantine dis=none) header.from=gmail.com;
Received-SPF: pass (domain of domain.tld designates as permitted sender)
X
My DMARC in this case fails but only because I don't have one for this domain. Replying will work the same way it always does, you'll reply to the originator of the message in both instances.
0 -
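The two Authentication-Results values quoted above, run through a DMARC alignment check, as an added example that is not part of the original posts. The last-two-labels organizational-domain shortcut, the function names and the third, constructed header value (From: placed in the forwarder's domain) are assumptions.

```python
import re

# Authentication-Results values as quoted in the thread (receiver hostname omitted).
WITHOUT_SRS = ("dkim=permerror (bad sig) header.i=@gmail.com header.s=20161025; "
               "spf=softfail smtp.mailfrom=@gmail.com; "
               "dmarc=fail(p=none sp=quarantine dis=none) header.from=gmail.com")
WITH_SRS = ("dkim=pass (ok) header.i=@domain.tld header.s=default; "
            "spf=pass smtp.mailfrom=@domain.tld; "
            "dmarc=fail(p=none sp=quarantine dis=none) header.from=gmail.com")
# Constructed: the same message if From: were also in the forwarder's domain.
FROM_REWRITTEN = WITH_SRS.replace("header.from=gmail.com", "header.from=domain.tld")

def parse_authres(value):
    """Map each method (dkim, spf, dmarc) to (result, {property: value})."""
    parsed = {}
    for clause in value.split(";"):
        clause = re.sub(r"\([^)]*\)", " ", clause).strip()  # strip (comments)
        m = re.match(r"(\w+)=(\w+)", clause)
        if m:
            props = dict(re.findall(r"([\w.]+)=(\S+)", clause[m.end():]))
            parsed[m.group(1)] = (m.group(2), props)
    return parsed

def org_domain(identity):
    # Simplification: last two labels. A real evaluator uses the Public Suffix List.
    host = identity.rsplit("@", 1)[-1].lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def dmarc_eval(value):
    """Recompute alignment: SPF or DKIM must pass AND match the From: domain.
    The receiver's own dmarc= verdict in the header is not used."""
    res = parse_authres(value)
    from_dom = org_domain(res["dmarc"][1]["header.from"])
    spf_res, spf_p = res.get("spf", ("none", {}))
    dkim_res, dkim_p = res.get("dkim", ("none", {}))
    spf_ok = spf_res == "pass" and org_domain(spf_p.get("smtp.mailfrom", "")) == from_dom
    # header.i is the signing identity; its domain sits at or under the d= domain.
    dkim_ok = dkim_res == "pass" and org_domain(dkim_p.get("header.i", "")) == from_dom
    return {"from": from_dom, "spf": spf_res, "dkim": dkim_res,
            "spf_aligned": spf_ok, "dkim_aligned": dkim_ok,
            "dmarc_pass": spf_ok or dkim_ok}

if __name__ == "__main__":
    for name, hdr in [("without SRS", WITHOUT_SRS), ("with SRS", WITH_SRS),
                      ("From: rewritten (constructed)", FROM_REWRITTEN)]:
        print(name, dmarc_eval(hdr))
```

With SRS both SPF and DKIM pass for domain.tld, yet neither aligns with header.from=gmail.com, which is consistent with the dmarc=fail reported in both quoted headers.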
Thanks. So how does the recipient's email app know to reply to the original sender address? Is this feature rewriting only the FROM header to be the forwarding domain (to pass SPF checks), but keeping the REPLY-TO header set to the original sender's address? 0 -
The Reply-To/Return-Path header doesn't get changed; all that's changed is the From header and the Received header:
With SRS:
Received: from 127.0.0.1 (EHLO server.hostname.us) (104.145.226.61) by mta4490.mail.ne1.yahoo.com with SMTPS; Fri, 19 Jul 2019 14:08:23 +0000
Without SRS:
Received: by mail-wr1-f42.google.com with SMTP id y4so32405766wrm.2 for ; Fri, 19 Jul 2019 07:03:06 -0700 (PDT)
0 -
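How an SRS0 address is built and reversed, as an added example that is not code from cPanel, Exim or the posts above: the published SRS scheme rewrites the envelope sender (the SMTP MAIL FROM, recorded by the receiver as Return-Path) into the `SRS0=hash=timestamp=domain=local-part` layout at the forwarder's domain. The secret, the 21-day lifetime and the function names are assumptions, and the output is not guaranteed to be byte-compatible with any particular implementation.

```python
import base64, hashlib, hmac, time

SECRET = b"constructed-demo-secret"      # assumption: a per-server secret
B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567"

def _stamp(now):
    # Day counter modulo 1024, written as two base32 characters.
    day = int(now // 86400) % 1024
    return B32[day >> 5] + B32[day & 31]

def _tag(ts, domain, local):
    # Short keyed hash so only this server can mint or reverse the address.
    mac = hmac.new(SECRET, f"{ts}{domain}{local}".lower().encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()[:4]

def srs_forward(sender, forwarder_domain, now=None):
    """Rewrite an envelope sender for forwarding through forwarder_domain."""
    local, domain = sender.rsplit("@", 1)
    ts = _stamp(time.time() if now is None else now)
    return f"SRS0={_tag(ts, domain, local)}={ts}={domain}={local}@{forwarder_domain}"

def srs_reverse(address, now=None, max_age_days=21):
    """Recover the original sender from a bounce sent to an SRS0 address."""
    local_part = address.rsplit("@", 1)[0]
    if not local_part.upper().startswith("SRS0="):
        raise ValueError("not an SRS0 address")
    tag, ts, domain, local = local_part[5:].split("=", 3)
    if not hmac.compare_digest(tag, _tag(ts, domain, local)):
        raise ValueError("bad hash: address was not issued by this server")
    today = int((time.time() if now is None else now) // 86400) % 1024
    issued = B32.index(ts[0].upper()) * 32 + B32.index(ts[1].upper())
    if (today - issued) % 1024 > max_age_days:
        raise ValueError("expired SRS address")
    return f"{local}@{domain}"

if __name__ == "__main__":
    # Addresses follow the first post's scenario; the result is constructed.
    rewritten = srs_forward("example@gmail.com", "hostedaccount.com")
    print("envelope sender after forwarding:", rewritten)
    print("bounce routed back to:", srs_reverse(rewritten))
```

The hash and timestamp keep the rewritten address from being used as an open bounce relay: a forged or stale SRS0 address is rejected instead of being reversed.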
Can someone help me figure out how to enable the Sender Rewriting Scheme (SRS) support in my cPanel? 0 -
Can someone help me figure out how to enable the Sender Rewriting Scheme (SRS) support in my cPanel?
Your Hosting Provider can. Your forum profile lists you as Website Owner, that normally means you don't have access to WebHost Manager where this option is located.
0 -
Hi, I have turned on SRS in Exim Configuration and it seems to work fine for emails sent from outside the server to a forwarder on the server, but I need to revisit this topic for the other option mentioned above:
EXPERIMENTAL: Rewrite From: header to match actual sender
I now see a message from a user that was sent directly from my server using a FROM address of the sender, which was an AOL address. It was sent to a forwarder as the recipient which then forwarded to a gmail address. Gmail rejected it due to a DMARC violation, which I understand. So would the experimental option above help me in resolving these types of rejections for messages sent directly from the server but using an external email address? If not, is there a way to resolve this (other than sending the message initially with a local domain email address as the FROM address)? Thanks!
0 -
There are a couple of options for that setting and I do believe it would resolve the issue - I'd set it to remote only as it looks like the failures are on messages that are being delivered remotely. The description of the setting is as follows: If you enabled this option, the From: header will be rewritten to be the email address of the actual message sender. If you choose the "remote" option, only messages that are being sent to remote destinations will be affected. 0 -
Thanks. When it says it will rewrite the FROM header, what will it rewrite it as? That is, I assume it needs to be something @ the site's domain in order to pass DMARC tests, so what would be the FROM address's "user" portion in the new FROM address: "[user] @ mydomain.com"? 0 -
It will rewrite the FROM header to the actual message sender - so where it originated from. The from address will always be user@somedomain.tld but that will only be present if the message originates from the server. 0