With forwarding, I’m pretty sure that the forwarding domain DMARC record isn’t involved. Only the DMARC of the sending domain is tested. So when Gmail mail is forwarded, it is evaluated based on GMail’s DMARC.
I was able to reproduce the problem you describe. Here’s the setup (correct me if I misinterpreted):
A@gmail.com --> firstname.lastname@example.org --> B@gmail.com
Using a DH mail-hosted domain (
example.com), I setup a forward only address (
email@example.com) which forwards to a Gmail address (
B@gmail.com). I then sent email from another Gmail account (
Test mail from A was received by B, but was put in the spam folder. The mail failed SPF but passed DMARC because A’s mail was DKIM signed by Gmail, and DH’s forwarder didn’t modify the message.
So why did it end up in spam, despite passing DMARC? My understanding is that DMARC is just one of many signals that Gmail uses to distinguish ham from spam. Other likely signals are:
- Domain novelty: the domain I used for forwarding hadn’t sent much mail, so Gmail was suspicious.
- Forwarding server: DH seems to forward via
mx*.dreamhost.com, which is different from the server used to send regular mail from the domain (
*.relay.mailchannels.net), so Gmail was suspicious.
- Forwarding spam filtering? If DH isn’t filtering spam for forward-only addresses, then Gmail won’t trust the forwarding servers (
To work around the problem, I setup a never-spam filter in B’s Gmail settings:
Do this: Never send it to Spam
That fixed the immediate problem. Now, a few days later, I’ve removed the filter and re-tested and forwarded mail is no longer marked as spam. Clearly, Gmail ruminated on the new mail flow pattern, and finally decided it was ok.