Using mailcow with gmail client

yhr

Hello everyone,
I’m encountering the following error:

redirectB@gmail.com: host gmail-smtp-in.l.google.com[74.125.71.27] said:
550-5.7.26 Unauthenticated email from connact.app is not accepted due to
550-5.7.26 domain’s DMARC policy. Please contact the administrator of
550-5.7.26 mydomainc.com domain if this was a legitimate mail. To learn about
the 550-5.7.26 DMARC initiative, go to 550 5.7.26
Control unauthenticated mail from your domain - Google Workspace Admin Help
5b1f17b1804b1-46fa9bdccbasi27408905e9.18 - gsmtp (in reply to end of DATA
command)

Scenario:

I send an email to userA@gmail.com using gmail client
userA@gmail.com has forwarding or redirect rules set up, so the message is automatically forwarded to redirectB@gmail.com.

When this happens, Gmail rejects the forwarded message with the DMARC error above.
If I send the same message using the SOGo web interface, it works fine.
However, I’d prefer to keep using the Gmail client for sending emails—if possible.

Previously, when I used a paid mail service, I never had this issue.
I set up Mailcow following the official guide: https://docs.mailcow.email/getstarted/install/
.

All DNS checks show that my SPF, DKIM, and DMARC records are valid, and Mail Tester gives my domain a 10/10 score.

Question:
Is there a way to configure Mailcow or Gmail to avoid this DMARC rejection while keeping the same user experience in Gmail?

Thanks in advance for any help!

ETNyx

Well, this is quiet complex question and not problem based in MC,…

Best solution is not to use forwarding in Gmail,.. Just send two mails from source,..

If it is not an option, you can consider to modify your DNS records to allow Gmail as sender. Or make more relaxed DNS settings. Both may work or may not,.. Both I would consider as security risk,..

You can consider to setup SMTP server that is implementing SRS (Sender Rewriting Scheme) and manage forwarding there.

Or something beyond mail world? We are living in brave new world of AI, maybe some agent, filtering your messages and not forwarding but sending new message (re-sending), will not break DMARC,…

yhr

ETNyx I understand what you’re trying to say; however, I can’t determine whether that user has enabled any internal redirect for themselves, as it’s part of an external service, not mine. This issue could happen with any client, since the recipient can set up different types of redirects. As far as I know, you can’t prevent someone from redirecting messages from their own inbox, can you?

I would also appreciate it if you could share any article, irrespective of your recommendation to change DNS records or SRS, so I can clarify for myself why this might be risky.

ETNyx

You are right — for me, security is more important than user convenience in this specific case.
If users want to forward messages, it’s their responsibility to do so in a way that preserves the “chain of trust” (DMARC, ARC, etc.). I understand you’re in a difficult situation where users are pressuring you, but as the system administrator, you are responsible for your configuration and its security.

My recommendation:
Do not lower your security measures. It’s the user’s responsibility to handle forwarding correctly, even if they lack the technical means.

If you want to experiment, you can modify your DMARC policy by changing the p parameter to p=none or p=quarantine.
This tells receiving servers (like Gmail) how strictly to enforce your DMARC checks — none means “monitor only” (no rejection), and quarantine means “mark as suspicious” rather than reject.

Keep in mind:
Lowering this setting reduces spoofing protection and makes it easier for phishers to send messages pretending to be from your domain across all DMARC-respecting servers, not just Gmail.

You could also try adding Gmail’s servers to your SPF record by including include:_spf.google.com.
However, if this works, it effectively marks all Gmail users as authorized senders for your domain = another spoofing risk.

As for SRS, since you’re talking about general Gmail users, this isn’t a viable option unless Gmail itself implemented SRS — which it doesn’t.

Unfortunately, with Gmail, it’s a bit of a Catch-22 situation. Sorry!